/*
 * bjca_crypto.js
 * @author zhaoyongsheng
 * Copyright 2011-2014 BJCA.
 */

var forge,xtx
(function () {

  if (typeof forge === 'undefined') {
    forge = { disableNativeCode: false };
  }

})();

(function () {
  function initModule(forge) {

    var util = forge.util = forge.util || {};

    util.setImmediate = function (callback) {
      setTimeout(callback, 0);
    };
    util.nextTick = util.setImmediate;

    util.isArray = Array.isArray || function (x) {
      return Object.prototype.toString.call(x) === '[object Array]';
    };

    util.isArrayBuffer = function (x) {
      return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer;
    };

    var _arrayBufferViews = [];
    if (typeof DataView !== 'undefined') {
      _arrayBufferViews.push(DataView);
    }
    if (typeof Uint8Array !== 'undefined') {
      _arrayBufferViews.push(Uint8Array);
    }
    if (typeof Uint16Array !== 'undefined') {
      _arrayBufferViews.push(Uint16Array);
    }
    if (typeof Uint32Array !== 'undefined') {
      _arrayBufferViews.push(Uint32Array);
    }
    util.isArrayBufferView = function (x) {
      for (var i = 0; i < _arrayBufferViews.length; ++i) {
        if (x instanceof _arrayBufferViews[i]) {
          return true;
        }
      }
      return false;
    };

    util.ByteBuffer = ByteStringBuffer;
    function ByteStringBuffer(b, options) {
      if (typeof options === 'string') {
        options = { encoding: options };
      }
      options = options || {};

      this.data = '';
      this.read = 0;

      if (typeof b === 'string') {
        if (options.encoding === 'utf8') {
          b = util.encodeUtf8(b);
        } else if (options.encoding === 'hex') {
          b = util.hexToBytes(b);
        } else if (options.encoding === 'base64') {
          b = util.decode64(b);
        }
        this.data = b;
      } else if (util.isArrayBuffer(b) || util.isArrayBufferView(b)) {
        var arr = new Uint8Array(b);
        try {
          this.data = String.fromCharCode.apply(null, arr);
        } catch (e) {
          for (var i = 0; i < arr.length; ++i) {
            this.putByte(arr[i]);
          }
        }
      } else if (util.isArray(b)) {
        for (var i = 0; i < b.length; ++i) {
          this.putByte(b[i]);
        }
      } else if (b instanceof ByteStringBuffer ||
        (typeof b === 'object' && typeof b.data === 'string' &&
          typeof b.read === 'number')) {
        this.data = b.data;
        this.read = b.read;
      }
    }
    util.ByteStringBuffer = ByteStringBuffer;

    util.ByteStringBuffer.prototype.length = function () {
      return this.data.length - this.read;
    };

    util.ByteStringBuffer.prototype.isEmpty = function () {
      return this.length() <= 0;
    };

    util.ByteStringBuffer.prototype.putByte = function (b) {
      this.data += String.fromCharCode(b);
      return this;
    };

    util.ByteStringBuffer.prototype.fillWithByte = function (b, n) {
      b = String.fromCharCode(b);
      var d = this.data;
      while (n > 0) {
        if (n & 1) {
          d += b;
        }
        n >>>= 1;
        if (n > 0) {
          b += b;
        }
      }
      this.data = d;
      return this;
    };

    util.ByteStringBuffer.prototype.putBytes = function (bytes) {
      this.data += bytes;
      return this;
    };

    util.ByteStringBuffer.prototype.putInt16 = function (i) {
      this.data +=
        String.fromCharCode(i >> 8 & 0xFF) +
        String.fromCharCode(i & 0xFF);
      return this;
    };

    util.ByteStringBuffer.prototype.putInt32 = function (i) {
      this.data +=
        String.fromCharCode(i >> 24 & 0xFF) +
        String.fromCharCode(i >> 16 & 0xFF) +
        String.fromCharCode(i >> 8 & 0xFF) +
        String.fromCharCode(i & 0xFF);
      return this;
    };

    util.ByteStringBuffer.prototype.putInt = function (i, n) {
      do {
        n -= 8;
        this.data += String.fromCharCode((i >> n) & 0xFF);
      } while (n > 0);
      return this;
    };

    util.ByteStringBuffer.prototype.putSignedInt = function (i, n) {
      if (i < 0) {
        i += 2 << (n - 1);
      }
      return this.putInt(i, n);
    };

    util.ByteStringBuffer.prototype.putBuffer = function (buffer) {
      this.data += buffer.getBytes();
      return this;
    };

    util.ByteStringBuffer.prototype.getByte = function () {
      return this.data.charCodeAt(this.read++);
    };

    util.ByteStringBuffer.prototype.getInt16 = function () {
      var rval = (
        this.data.charCodeAt(this.read) << 8 ^
        this.data.charCodeAt(this.read + 1));
      this.read += 2;
      return rval;
    };

    util.ByteStringBuffer.prototype.getInt24 = function () {
      var rval = (
        this.data.charCodeAt(this.read) << 16 ^
        this.data.charCodeAt(this.read + 1) << 8 ^
        this.data.charCodeAt(this.read + 2));
      this.read += 3;
      return rval;
    };

    util.ByteStringBuffer.prototype.getInt32 = function () {
      var rval = (
        this.data.charCodeAt(this.read) << 24 ^
        this.data.charCodeAt(this.read + 1) << 16 ^
        this.data.charCodeAt(this.read + 2) << 8 ^
        this.data.charCodeAt(this.read + 3));
      this.read += 4;
      return rval;
    };

    util.ByteStringBuffer.prototype.getInt = function (n) {
      var rval = 0;
      do {
        rval = (rval << 8) + this.data.charCodeAt(this.read++);
        n -= 8;
      } while (n > 0);
      return rval;
    };

    util.ByteStringBuffer.prototype.getSignedInt = function (n) {
      var x = this.getInt(n);
      var max = 2 << (n - 2);
      if (x >= max) {
        x -= max << 1;
      }
      return x;
    };

    util.ByteStringBuffer.prototype.getBytes = function (count) {
      var rval;
      if (count) {
        count = Math.min(this.length(), count);
        rval = this.data.slice(this.read, this.read + count);
        this.read += count;
      } else if (count === 0) {
        rval = '';
      } else {
        rval = (this.read === 0) ? this.data : this.data.slice(this.read);
        this.clear();
      }
      return rval;
    };

    util.ByteStringBuffer.prototype.bytes = function (count) {
      return (typeof (count) === 'undefined' ?
        this.data.slice(this.read) :
        this.data.slice(this.read, this.read + count));
    };

    util.ByteStringBuffer.prototype.at = function (i) {
      return this.data.charCodeAt(this.read + i);
    };

    util.ByteStringBuffer.prototype.setAt = function (i, b) {
      this.data = this.data.substr(0, this.read + i) +
        String.fromCharCode(b) +
        this.data.substr(this.read + i + 1);
      return this;
    };

    util.ByteStringBuffer.prototype.last = function () {
      return this.data.charCodeAt(this.data.length - 1);
    };

    util.ByteStringBuffer.prototype.copy = function () {
      var c = util.createBuffer(this.data);
      c.read = this.read;
      return c;
    };

    util.ByteStringBuffer.prototype.compact = function () {
      if (this.read > 0) {
        this.data = this.data.slice(this.read);
        this.read = 0;
      }
      return this;
    };

    util.ByteStringBuffer.prototype.clear = function () {
      this.data = '';
      this.read = 0;
      return this;
    };

    util.ByteStringBuffer.prototype.truncate = function (count) {
      var len = Math.max(0, this.length() - count);
      this.data = this.data.substr(this.read, len);
      this.read = 0;
      return this;
    };

    util.ByteStringBuffer.prototype.toHex = function () {
      var rval = '';
      for (var i = this.read; i < this.data.length; ++i) {
        var b = this.data.charCodeAt(i);
        if (b < 16) {
          rval += '0';
        }
        rval += b.toString(16);
      }
      return rval;
    };

    util.ByteStringBuffer.prototype.toString = function (encoding, options) {
      encoding = encoding || 'utf8';
      options = options || {};

      if (encoding === 'binary' || encoding === 'raw') {
        return this.bytes();
      }
      if (encoding === 'hex') {
        return this.toHex();
      }
      if (encoding === 'base64') {
        return util.encode64(this.bytes());
      }
      if (encoding === 'utf8') {
        return util.decodeUtf8(this.bytes());
      }

      throw new Error('Invalid encoding: ' + encoding);
    };

    function DataBuffer(b, options) {
      if (typeof options === 'string') {
        options = { encoding: options };
      }
      options = options || {};

      this.read = options.readOffset || 0;
      this.growSize = options.growSize || 1024;

      var isArrayBuffer = util.isArrayBuffer(b);
      var isArrayBufferView = util.isArrayBufferView(b);
      if (isArrayBuffer || isArrayBufferView) {
        if (isArrayBuffer) {
          this.data = new DataView(b);
        } else {
          this.data = new DataView(b.buffer, b.byteOffset, b.byteLength);
        }
        this.write = ('writeOffset' in options ?
          options.writeOffset : this.data.byteLength);
        return;
      }

      this.data = new DataView(new ArrayBuffer(0));
      this.write = 0;

      if (b !== null && b !== undefined) {
        this.putBytes(b);
      }

      if ('writeOffset' in options) {
        this.write = options.writeOffset;
      }
    }
    util.DataBuffer = DataBuffer;

    util.DataBuffer.prototype.length = function () {
      return this.write - this.read;
    };

    util.DataBuffer.prototype.isEmpty = function () {
      return this.length() <= 0;
    };

    util.DataBuffer.prototype.accommodate = function (amount, growSize) {
      if (this.length() >= amount) {
        return this;
      }
      growSize = Math.max(growSize || this.growSize, amount);

      var src = new Uint8Array(
        this.data.buffer, this.data.byteOffset, this.data.byteLength);
      var dst = new Uint8Array(this.length() + growSize);
      dst.set(src);
      this.data = new DataView(dst.buffer);

      return this;
    };

    util.DataBuffer.prototype.putByte = function (b) {
      this.accommodate(1);
      this.data.setUint8(this.write++, b);
      return this;
    };

    util.DataBuffer.prototype.fillWithByte = function (b, n) {
      this.accommodate(n);
      for (var i = 0; i < n; ++i) {
        this.data.setUint8(b);
      }
      return this;
    };

    util.DataBuffer.prototype.putBytes = function (bytes, encoding) {
      if (util.isArrayBufferView(bytes)) {
        var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength);
        var len = src.byteLength - src.byteOffset;
        this.accommodate(len);
        var dst = new Uint8Array(this.data.buffer, this.write);
        dst.set(src);
        this.write += len;
        return this;
      }

      if (util.isArrayBuffer(bytes)) {
        var src = new Uint8Array(bytes);
        this.accommodate(src.byteLength);
        var dst = new Uint8Array(this.data.buffer);
        dst.set(src, this.write);
        this.write += src.byteLength;
        return this;
      }

      if (bytes instanceof util.DataBuffer ||
        (typeof bytes === 'object' &&
          typeof bytes.read === 'number' && typeof bytes.write === 'number' &&
          util.isArrayBufferView(bytes.data))) {
        var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length());
        this.accommodate(src.byteLength);
        var dst = new Uint8Array(bytes.data.byteLength, this.write);
        dst.set(src);
        this.write += src.byteLength;
        return this;
      }

      if (bytes instanceof util.ByteStringBuffer) {
        bytes = bytes.data;
        encoding = 'binary';
      }

      encoding = encoding || 'binary';
      if (typeof bytes === 'string') {
        var view;
        if (encoding === 'hex') {
          this.accommodate(Math.ceil(bytes.length / 2));
          view = new Uint8Array(this.data.buffer, this.write);
          this.write += util.binary.hex.decode(bytes, view, this.write);
          return this;
        }
        if (encoding === 'base64') {
          this.accommodate(Math.ceil(bytes.length / 4) * 3);
          view = new Uint8Array(this.data.buffer, this.write);
          this.write += util.binary.base64.decode(bytes, view, this.write);
          return this;
        }

        if (encoding === 'utf8') {
          bytes = util.encodeUtf8(bytes);
          encoding = 'binary';
        }

        if (encoding === 'binary' || encoding === 'raw') {
          this.accommodate(bytes.length);
          view = new Uint8Array(this.data.buffer, this.write);
          this.write += util.binary.raw.decode(view);
          return this;
        }

        throw new Error('Invalid encoding: ' + encoding);
      }

      throw Error('Invalid parameter: ' + bytes);
    };

    util.DataBuffer.prototype.putBuffer = function (buffer) {
      this.putBytes(buffer);
      buffer.clear();
      return this;
    };

    util.DataBuffer.prototype.putInt16 = function (i) {
      this.accommodate(2);
      this.data.setInt16(this.write, i);
      this.write += 2;
      return this;
    };

    util.DataBuffer.prototype.putInt32 = function (i) {
      this.accommodate(4);
      this.data.setInt32(this.write, i);
      this.write += 4;
      return this;
    };

    util.DataBuffer.prototype.putInt = function (i, n) {
      this.accommodate(n / 8);
      do {
        n -= 8;
        this.data.setInt8(this.write++, (i >> n) & 0xFF);
      } while (n > 0);
      return this;
    };

    util.DataBuffer.prototype.putSignedInt = function (i, n) {
      this.accommodate(n / 8);
      if (i < 0) {
        i += 2 << (n - 1);
      }
      return this.putInt(i, n);
    };

    util.DataBuffer.prototype.getByte = function () {
      return this.data.getInt8(this.read++);
    };

    util.DataBuffer.prototype.getInt16 = function () {
      var rval = this.data.getInt16(this.read);
      this.read += 2;
      return rval;
    };

    util.DataBuffer.prototype.getInt24 = function () {
      var rval = (
        this.data.getInt16(this.read) << 8 ^
        this.data.getInt8(this.read + 2));
      this.read += 3;
      return rval;
    };

    util.DataBuffer.prototype.getInt32 = function () {
      var rval = this.data.getInt32(this.read);
      this.read += 4;
      return rval;
    };

    util.DataBuffer.prototype.getInt = function (n) {
      var rval = 0;
      do {
        rval = (rval << 8) + this.data.getInt8(this.read++);
        n -= 8;
      } while (n > 0);
      return rval;
    };

    util.DataBuffer.prototype.getSignedInt = function (n) {
      var x = this.getInt(n);
      var max = 2 << (n - 2);
      if (x >= max) {
        x -= max << 1;
      }
      return x;
    };

    util.DataBuffer.prototype.getBytes = function (count) {
      var rval;
      if (count) {
        count = Math.min(this.length(), count);
        rval = this.data.slice(this.read, this.read + count);
        this.read += count;
      } else if (count === 0) {
        rval = '';
      } else {
        rval = (this.read === 0) ? this.data : this.data.slice(this.read);
        this.clear();
      }
      return rval;
    };

    util.DataBuffer.prototype.bytes = function (count) {
      return (typeof (count) === 'undefined' ?
        this.data.slice(this.read) :
        this.data.slice(this.read, this.read + count));
    };

    util.DataBuffer.prototype.at = function (i) {
      return this.data.getUint8(this.read + i);
    };

    util.DataBuffer.prototype.setAt = function (i, b) {
      this.data.setUint8(i, b);
      return this;
    };

    util.DataBuffer.prototype.last = function () {
      return this.data.getUint8(this.write - 1);
    };

    util.DataBuffer.prototype.copy = function () {
      return new util.DataBuffer(this);
    };

    util.DataBuffer.prototype.compact = function () {
      if (this.read > 0) {
        var src = new Uint8Array(this.data.buffer, this.read);
        var dst = new Uint8Array(src.byteLength);
        dst.set(src);
        this.data = new DataView(dst);
        this.write -= this.read;
        this.read = 0;
      }
      return this;
    };

    util.DataBuffer.prototype.clear = function () {
      this.data = new DataView(new ArrayBuffer(0));
      this.read = this.write = 0;
      return this;
    };

    util.DataBuffer.prototype.truncate = function (count) {
      this.write = Math.max(0, this.length() - count);
      this.read = Math.min(this.read, this.write);
      return this;
    };

    util.DataBuffer.prototype.toHex = function () {
      var rval = '';
      for (var i = this.read; i < this.data.byteLength; ++i) {
        var b = this.data.getUint8(i);
        if (b < 16) {
          rval += '0';
        }
        rval += b.toString(16);
      }
      return rval;
    };

    util.DataBuffer.prototype.toString = function (encoding, options) {
      encoding = encoding || 'utf8';
      options = options || {};

      var view = new Uint8Array(this.data, this.read, this.length());

      if (encoding === 'binary' || encoding === 'raw') {
        return util.binary.raw.encode(view);
      }
      if (encoding === 'hex') {
        return util.binary.hex.encode(view);
      }
      if (encoding === 'base64') {
        return util.binary.base64.encode(view, options);
      }

      if (encoding === 'utf8') {
        return util.text.utf8.decode(view);
      }

      throw new Error('Invalid encoding: ' + encoding);
    };

    util.createBuffer = function (input, encoding) {
      if (input === undefined) {
        return new util.ByteBuffer();
      }
      encoding = encoding || 'raw';
      if (encoding === 'utf8') {
        input = util.encodeUtf8(input);
      } else if (encoding === 'hex') {
        input = util.hexToBytes(input);
      }

      return new util.ByteBuffer(input);
    };

    util.fillString = function (c, n) {
      var s = '';
      while (n > 0) {
        if (n & 1) {
          s += c;
        }
        n >>>= 1;
        if (n > 0) {
          c += c;
        }
      }
      return s;
    };

    util.xorBytes = function (s1, s2, n) {
      var s3 = '';
      var b = '';
      var t = '';
      var i = 0;
      var c = 0;
      for (; n > 0; --n, ++i) {
        b = s1.charCodeAt(i) ^ s2.charCodeAt(i);
        if (c >= 10) {
          s3 += t;
          t = '';
          c = 0;
        }
        t += String.fromCharCode(b);
        ++c;
      }
      s3 += t;
      return s3;
    };

    util.hexToBytes = function (hex) {
      var rval = '';
      var i = 0;
      if (hex.length & 1 == 1) {
        i = 1;
        rval += String.fromCharCode(parseInt(hex[0], 16));
      }
      for (; i < hex.length; i += 2) {
        rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
      }
      return rval;
    };

    util.bytesToHex = function (bytes) {
      return util.createBuffer(bytes).toHex();
    };

    // base64 characters, reverse mapping
    var _base64 =
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
    var _base64Idx = [
      /*43 -43 = 0*/
      /*'+',  1,  2,  3,'/' */
      62, -1, -1, -1, 63,

      /*'0','1','2','3','4','5','6','7','8','9' */
      52, 53, 54, 55, 56, 57, 58, 59, 60, 61,

      /*15, 16, 17,'=', 19, 20, 21 */
      -1, -1, -1, 64, -1, -1, -1,

      /*65 - 43 = 22*/
      /*'A','B','C','D','E','F','G','H','I','J','K','L','M', */
      0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,

      /*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */
      13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,

      /*91 - 43 = 48 */
      /*48, 49, 50, 51, 52, 53 */
      -1, -1, -1, -1, -1, -1,

      /*97 - 43 = 54*/
      /*'a','b','c','d','e','f','g','h','i','j','k','l','m' */
      26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,

      /*'n','o','p','q','r','s','t','u','v','w','x','y','z' */
      39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
    ];

    util.encode64 = function (input) {
      var line = '';
      var output = '';
      var chr1, chr2, chr3;
      var i = 0;
      while (i < input.length) {
        chr1 = input.charCodeAt(i++);
        chr2 = input.charCodeAt(i++);
        chr3 = input.charCodeAt(i++);

        line += _base64.charAt(chr1 >> 2);
        line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));
        if (isNaN(chr2)) {
          line += '==';
        } else {
          line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));
          line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);
        }
      }
      output += line;
      return output;
    };

    util.decode64 = function (input) {
      input = input.replace(/[^A-Za-z0-9\+\/\=]/g, '');

      var output = '';
      var enc1, enc2, enc3, enc4;
      var i = 0;

      while (i < input.length) {
        enc1 = _base64Idx[input.charCodeAt(i++) - 43];
        enc2 = _base64Idx[input.charCodeAt(i++) - 43];
        enc3 = _base64Idx[input.charCodeAt(i++) - 43];
        enc4 = _base64Idx[input.charCodeAt(i++) - 43];

        output += String.fromCharCode((enc1 << 2) | (enc2 >> 4));
        if (enc3 !== 64) {
          output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2));
          if (enc4 !== 64) {
            output += String.fromCharCode(((enc3 & 3) << 6) | enc4);
          }
        }
      }

      return output;
    };

    util.encodeUtf8 = function (str) {
      return unescape(encodeURIComponent(str));
    };

    util.decodeUtf8 = function (str) {
      return decodeURIComponent(escape(str));
    };

    util.binary = {
      raw: {},
      hex: {},
      base64: {}
    };

    util.binary.raw.encode = function (bytes) {
      return String.fromCharCode.apply(null, bytes);
    };

    util.binary.raw.decode = function (str, output, offset) {
      var out = output;
      if (!out) {
        out = new Uint8Array(str.length);
      }
      offset = offset || 0;
      var j = offset;
      for (var i = 0; i < str.length; ++i) {
        out[j++] = str.charCodeAt(i);
      }
      return output ? (j - offset) : out;
    };

    util.binary.hex.encode = util.bytesToHex;

    util.binary.hex.decode = function (hex, output, offset) {
      var out = output;
      if (!out) {
        out = new Uint8Array(Math.ceil(hex.length / 2));
      }
      offset = offset || 0;
      var i = 0, j = offset;
      if (hex.length & 1) {
        i = 1;
        out[j++] = parseInt(hex[0], 16);
      }
      for (; i < hex.length; i += 2) {
        out[j++] = parseInt(hex.substr(i, 2), 16);
      }
      return output ? (j - offset) : out;
    };

    util.binary.base64.encode = function (input, options) {
      options = options || {};
      var maxline = options.maxline;

      var line = '';
      var output = '';
      var chr1, chr2, chr3;
      var i = 0;
      while (i < input.byteLength) {
        chr1 = input[i++];
        chr2 = input[i++];
        chr3 = input[i++];

        line += _base64.charAt(chr1 >> 2);
        line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));
        if (isNaN(chr2)) {
          line += '==';
        } else {
          line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));
          line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);
        }
      }
      output += line;
      return output;
    };

    util.binary.base64.decode = function (input, output, offset) {
      var out = output;
      if (!out) {
        out = new Uint8Array(Math.ceil(input.length / 4) * 3);
      }

      // remove all non-base64 characters
      input = input.replace(/[^A-Za-z0-9\+\/\=]/g, '');

      offset = offset || 0;
      var enc1, enc2, enc3, enc4;
      var i = 0, j = offset;

      while (i < input.length) {
        enc1 = _base64Idx[input.charCodeAt(i++) - 43];
        enc2 = _base64Idx[input.charCodeAt(i++) - 43];
        enc3 = _base64Idx[input.charCodeAt(i++) - 43];
        enc4 = _base64Idx[input.charCodeAt(i++) - 43];

        out[j++] = (enc1 << 2) | (enc2 >> 4);
        if (enc3 !== 64) {
          out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2);
          if (enc4 !== 64) {
            out[j++] = ((enc3 & 3) << 6) | enc4;
          }
        }
      }

      return output ? (j - offset) : out;
    };

    util.text = {
      utf8: {}
    };

    util.text.utf8.encode = function (str, output, offset) {
      str = util.encodeUtf8(str);
      var out = output;
      if (!out) {
        out = new Uint8Array(str.length);
      }
      offset = offset || 0;
      var j = offset;
      for (var i = 0; i < str.length; ++i) {
        out[j++] = str.charCodeAt(i);
      }
      return output ? (j - offset) : out;
    };

    util.text.utf8.decode = function (bytes) {
      return util.decodeUtf8(String.fromCharCode.apply(null, bytes));
    };

    /*
     * Check if an object is empty.
     *
     * Taken from:
     * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937
     *
     * @param object the object to check.
     */
    util.isEmpty = function (obj) {
      for (var prop in obj) {
        if (obj.hasOwnProperty(prop)) {
          return false;
        }
      }
      return true;
    };

    /*
     * Format with simple printf-style interpolation.
     *
     * %%: literal '%'
     * %s,%o: convert next argument into a string.
     *
     * @param format the string to format.
     * @param ... arguments to interpolate into the format string.
     */
    util.format = function (format) {
      var re = /%./g;
      // current match
      var match;
      // current part
      var part;
      // current arg index
      var argi = 0;
      // collected parts to recombine later
      var parts = [];
      // last index found
      var last = 0;
      // loop while matches remain
      while ((match = re.exec(format))) {
        part = format.substring(last, re.lastIndex - 2);
        // don't add empty strings (ie, parts between %s%s)
        if (part.length > 0) {
          parts.push(part);
        }
        last = re.lastIndex;
        // switch on % code
        var code = match[0][1];
        switch (code) {
          case 's':
          case 'o':
            // check if enough arguments were given
            if (argi < arguments.length) {
              parts.push(arguments[argi++ + 1]);
            } else {
              parts.push('<?>');
            }
            break;
          // FIXME: do proper formating for numbers, etc
          //case 'f':
          //case 'd':
          case '%':
            parts.push('%');
            break;
          default:
            parts.push('<%' + code + '?>');
        }
      }
      // add trailing part of format string
      parts.push(format.substring(last));
      return parts.join('');
    };
  } // end module implementation

  return initModule(forge);
})();

/*
 * MessageDigest base API.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2015 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    forge.md = forge.md || {};

    // registered algorithms
    forge.md.algorithms = forge.md.algorithms || {};

    var ByteBuffer = forge.util.ByteBuffer;
    var _padding = null;

    /*
     * Creates a message digest object using the given algorithm. The algorithm
     * may be provided as a string value for a previously registered algorithm or
     * it may be given as a message digest algorithm API object.
     *
     * @param algorithm the algorithm to use, either a string or an algorithm API
     *          object.
     *
     * @return the message digest object.
     */
    forge.md.createMessageDigest = function (algorithm) {
      var api = algorithm;
      if (typeof api === 'string') {
        api = forge.md.getAlgorithm(api);
      }
      if (!api) {
        throw new Error('Unsupported algorithm: ' + algorithm);
      }

      // TODO: change _padding to buffer
      if (!_padding || _padding.length < api.blockSize) {
        // create shared padding
        _padding = String.fromCharCode(128);
        _padding += forge.util.fillString(
          String.fromCharCode(0x00), api.blockSize);
      }

      return new forge.md.MessageDigest({
        algorithm: api
      });
    };

    /*
     * Registers an algorithm by name. If the name was already registered, the
     * algorithm API object will be overwritten.
     *
     * @param name the name of the algorithm.
     * @param algorithm the algorithm API object.
     */
    forge.md.registerAlgorithm = function (name, algorithm) {
      forge.md.algorithms[name] = algorithm;

      // FIXME: backwards compatibility
      if (!('create' in algorithm)) {
        algorithm.create = function () {
          return forge.md.createMessageDigest(algorithm);
        };
      }
      forge.md[name] = algorithm;
    };

    /*
     * Gets a registered algorithm by name.
     *
     * @param name the name of the algorithm.
     *
     * @return the algorithm, if found, null if not.
     */
    forge.md.getAlgorithm = function (name) {
      if (name in forge.md.algorithms) {
        return forge.md.algorithms[name];
      }
      return null;
    };

    /*
     * Creates a new MessageDigest.
     *
     * @param options the options to use.
     *          algorithm the algorithm API.
     */
    var MessageDigest = forge.md.MessageDigest = function (options) {
      this._algorithm = options.algorithm;
      // FIXME: backwards compatibility
      this.algorithm = this._algorithm.name;
      this.digestLength = this._algorithm.digestLength;
      this.blockLength = this._algorithm.blockSize;

      // start digest automatically for first time
      this.start();
    };

    /*
     * Starts the digest.
     *
     * @return this digest object.
     */
    MessageDigest.prototype.start = function () {
      // up to 56-bit message length for convenience
      this.messageLength = 0;

      // full message length
      this.fullMessageLength = [];
      var int32s = this._algorithm.messageLengthSize / 4;
      for (var i = 0; i < int32s; ++i) {
        this.fullMessageLength.push(0);
      }

      // input buffer
      this._input = new ByteBuffer();

      // get starting state
      this.state = this._algorithm.start();

      return this;
    };

    /*
     * Updates the digest with the given message input. The input can be
     * a ByteBuffer or a string to be consumed using the specified-encoding.
     *
     * @param msg the message input to update with (ByteBuffer or string).
     * @param encoding the encoding to use (eg: 'utf8', 'binary',
     *          'hex', 'base64').
     *
     * @return this digest object.
     */
    MessageDigest.prototype.update = function (msg, encoding) {
      // TODO: remove copy, copying is caller's responsibility
      if (msg instanceof ByteBuffer) {
        msg = msg.copy();
      } else if (!encoding) {
        throw new Error('String encoding must be specified.');
      } else {
        msg = new ByteBuffer(msg, encoding);
      }

      // update message length
      this.messageLength += msg.length();
      var len = msg.length();
      len = [(len / 0x100000000) >>> 0, len >>> 0];
      for (var i = this.fullMessageLength.length - 1; i >= 0; --i) {
        this.fullMessageLength[i] += len[1];
        len[1] = len[0] + ((this.fullMessageLength[i] / 0x100000000) >>> 0);
        this.fullMessageLength[i] = this.fullMessageLength[i] >>> 0;
        len[0] = ((len[1] / 0x100000000) >>> 0);
      }

      // add bytes to input buffer
      this._input.putBuffer(msg);

      // digest blocks
      while (this._input.length() >= this._algorithm.blockSize) {
        this.state = this._algorithm.digest(this.state, this._input);
      }

      // compact input buffer every 2K or if empty
      if (this._input.read > 2048 || this._input.length() === 0) {
        this._input.compact();
      }

      return this;
    };

    /*
     * Produces the digest.
     *
     * @return a byte buffer containing the digest value.
     */
    MessageDigest.prototype.digest = function () {
      // TODO: May need to better abstract padding and writing message length
      // etc. in the future, but for now popular hashes generally all work the
      // same way.

      /* Note: Here we copy the remaining bytes in the input buffer and add the
      appropriate padding. Then we do the final update on a copy of the state so
      that if the user wants to get intermediate digests they can do so. */

      /* Determine the number of bytes that must be added to the message to
      ensure its length is appropriately congruent. In other words, the data to
      be digested must be a multiple of `blockSize`. This data includes the
      message, some padding, and the length of the message. Since the length of
      the message will be encoded as `messageLengthSize` bytes, that means that
      the last segment of the data must have `blockSize` - `messageLengthSize`
      bytes of message and padding. Therefore, the length of the message plus the
      padding must be congruent to X mod `blockSize` because
      `blockSize` - `messageLengthSize` = X.
    
      For example, SHA-1 is congruent to 448 mod 512 and SHA-512 is congruent to
      896 mod 1024. SHA-1 uses a `blockSize` of 64 bytes (512 bits) and a
      `messageLengthSize` of 8 bytes (64 bits). SHA-512 uses a `blockSize` of
      128 bytes (1024 bits) and a `messageLengthSize` of 16 bytes (128 bits).
    
      In order to fill up the message length it must be filled with padding that
      begins with 1 bit followed by all 0 bits. Padding must *always* be present,
      so if the message length is already congruent, then `blockSize` padding bits
      must be added. */

      // create final block
      var finalBlock = new ByteBuffer();
      finalBlock.putBytes(this._input.bytes());

      // compute remaining size to be digested (include message length size)
      var remaining = (
        this.fullMessageLength[this.fullMessageLength.length - 1] +
        this._algorithm.messageLengthSize);

      // add padding for overflow blockSize - overflow
      // _padding starts with 1 byte with first bit is set (byte value 128), then
      // there may be up to (blockSize - 1) other pad bytes
      var overflow = remaining & (this._algorithm.blockSize - 1);
      finalBlock.putBytes(_padding.substr(0, this._algorithm.blockSize - overflow));

      // serialize message length in bits in big-endian order; since length
      // is stored in bytes we multiply by 8 (left shift by 3 and merge in
      // remainder from )
      var messageLength = new ByteBuffer();
      for (var i = 0; i < this.fullMessageLength.length; ++i) {
        messageLength.putInt32((this.fullMessageLength[i] << 3) |
          (this.fullMessageLength[i + 1] >>> 28));
      }

      // write the length of the message (algorithm-specific)
      this._algorithm.writeMessageLength(finalBlock, messageLength);

      // digest final block
      var state = this._algorithm.digest(this.state.copy(), finalBlock);

      // write state to buffer
      var rval = new ByteBuffer();
      state.write(rval);
      return rval;
    };

    /*
     * Copies this MessageDigest in its current state.
     *
     * @return a copy of this MessageDigest.
     */
    MessageDigest.prototype.copy = function () {
      var rval = new MessageDigest({
        algorithm: this._algorithm
      });
      rval.state = this.state.copy();
      return rval;
    };

  } // end module implementation

  return initModule(forge);
})();

/*
 * Secure Hash Algorithm with 160-bit digest (SHA-1) implementation.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2015 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    var sha1 = forge.sha1 = forge.sha1 || {};

    // used for word storage
    var _w;

    // FIXME: backwards compatibility
    sha1.create = function () {
      return forge.md.createMessageDigest('sha1');
    };

    sha1.Algorithm = function () {
      this.name = 'sha1',
        this.blockSize = 64;
      this.digestLength = 20;
      this.messageLengthSize = 8;
    };

    sha1.Algorithm.prototype.start = function () {
      if (!_w) {
        _w = new Array(80);
      }
      return _createState();
    };

    sha1.Algorithm.prototype.writeMessageLength = function (
      finalBlock, messageLength) {
      // message length is in bits and in big-endian order; simply append
      finalBlock.putBuffer(messageLength);
    };

    sha1.Algorithm.prototype.digest = function (s, input) {
      // consume 512 bit (64 byte) chunks
      var t, a, b, c, d, e, f, i;
      var len = input.length();
      while (len >= 64) {
        // initialize hash value for this chunk
        a = s.h0;
        b = s.h1;
        c = s.h2;
        d = s.h3;
        e = s.h4;

        // the _w array will be populated with sixteen 32-bit big-endian words
        // and then extended into 80 32-bit words according to SHA-1 algorithm
        // and for 32-79 using Max Locktyukhin's optimization

        // round 1
        for (i = 0; i < 16; ++i) {
          t = input.getInt32();
          _w[i] = t;
          f = d ^ (b & (c ^ d));
          t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }
        for (; i < 20; ++i) {
          t = (_w[i - 3] ^ _w[i - 8] ^ _w[i - 14] ^ _w[i - 16]);
          t = (t << 1) | (t >>> 31);
          _w[i] = t;
          f = d ^ (b & (c ^ d));
          t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }
        // round 2
        for (; i < 32; ++i) {
          t = (_w[i - 3] ^ _w[i - 8] ^ _w[i - 14] ^ _w[i - 16]);
          t = (t << 1) | (t >>> 31);
          _w[i] = t;
          f = b ^ c ^ d;
          t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }
        for (; i < 40; ++i) {
          t = (_w[i - 6] ^ _w[i - 16] ^ _w[i - 28] ^ _w[i - 32]);
          t = (t << 2) | (t >>> 30);
          _w[i] = t;
          f = b ^ c ^ d;
          t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }
        // round 3
        for (; i < 60; ++i) {
          t = (_w[i - 6] ^ _w[i - 16] ^ _w[i - 28] ^ _w[i - 32]);
          t = (t << 2) | (t >>> 30);
          _w[i] = t;
          f = (b & c) | (d & (b ^ c));
          t = ((a << 5) | (a >>> 27)) + f + e + 0x8F1BBCDC + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }
        // round 4
        for (; i < 80; ++i) {
          t = (_w[i - 6] ^ _w[i - 16] ^ _w[i - 28] ^ _w[i - 32]);
          t = (t << 2) | (t >>> 30);
          _w[i] = t;
          f = b ^ c ^ d;
          t = ((a << 5) | (a >>> 27)) + f + e + 0xCA62C1D6 + t;
          e = d;
          d = c;
          c = (b << 30) | (b >>> 2);
          b = a;
          a = t;
        }

        // update hash state
        s.h0 = (s.h0 + a) | 0;
        s.h1 = (s.h1 + b) | 0;
        s.h2 = (s.h2 + c) | 0;
        s.h3 = (s.h3 + d) | 0;
        s.h4 = (s.h4 + e) | 0;

        len -= 64;
      }

      return s;
    };

    forge.md.registerAlgorithm('sha1', new forge.sha1.Algorithm());

    function _createState() {
      var state = {
        h0: 0x67452301,
        h1: 0xEFCDAB89,
        h2: 0x98BADCFE,
        h3: 0x10325476,
        h4: 0xC3D2E1F0
      };
      state.copy = function () {
        var rval = _createState();
        rval.h0 = state.h0;
        rval.h1 = state.h1;
        rval.h2 = state.h2;
        rval.h3 = state.h3;
        rval.h4 = state.h4;
        return rval;
      };
      state.write = function (buffer) {
        buffer.putInt32(state.h0);
        buffer.putInt32(state.h1);
        buffer.putInt32(state.h2);
        buffer.putInt32(state.h3);
        buffer.putInt32(state.h4);
      };
      return state;
    }

  } // end module implementation

  return initModule(forge);
})();

/*
 * Supported cipher modes.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    forge.cipher = forge.cipher || {};

    // supported cipher modes
    var modes = forge.cipher.modes = forge.cipher.modes || {};

    var ByteBuffer = forge.util.ByteBuffer;

    /** Electronic codebook (ECB) (Don't use this; it's not secure) **/

    modes.ecb = function (options) {
      options = options || {};
      this.name = 'ECB';
      this.cipher = options.cipher;
      this.blockSize = options.blockSize || 16;
      this._blocks = this.blockSize / 4;
      this._inBlock = new Array(this._blocks);
      this._outBlock = new Array(this._blocks);
    };

    modes.ecb.prototype.start = function (options) { };

    modes.ecb.prototype.encrypt = function (input, output) {
      // get next block
      for (var i = 0; i < this._blocks; ++i) {
        this._inBlock[i] = input.getInt32();
      }

      // encrypt block
      this.cipher.encrypt(this._inBlock, this._outBlock);

      // write output
      for (var i = 0; i < this._blocks; ++i) {
        output.putInt32(this._outBlock[i]);
      }
    };

    modes.ecb.prototype.decrypt = function (input, output) {
      // get next block
      for (var i = 0; i < this._blocks; ++i) {
        this._inBlock[i] = input.getInt32();
      }

      // decrypt block
      this.cipher.decrypt(this._inBlock, this._outBlock);

      // write output
      for (var i = 0; i < this._blocks; ++i) {
        output.putInt32(this._outBlock[i]);
      }
    };

    modes.ecb.prototype.pad = function (input, options) {
      // add PKCS#7 padding to block (each pad byte is the
      // value of the number of pad bytes)
      var padding = (input.length() === this.blockSize ?
        this.blockSize : (this.blockSize - input.length()));
      input.fillWithByte(padding, padding);
      return true;
    };

    modes.ecb.prototype.unpad = function (output, options) {
      // check for error: input data not a multiple of blockSize
      if (options.overflow > 0) {
        return false;
      }

      // ensure padding byte count is valid
      var len = output.length();
      var count = output.at(len - 1);
      if (count > (this.blockSize << 2)) {
        return false;
      }

      // trim off padding bytes
      output.truncate(count);
      return true;
    };


    /* Cipher-block Chaining (CBC) */

    modes.cbc = function (options) {
      options = options || {};
      this.name = 'CBC';
      this.cipher = options.cipher;
      this.blockSize = options.blockSize || 16;
      this._blocks = this.blockSize / 4;
      this._inBlock = new Array(this._blocks);
      this._outBlock = new Array(this._blocks);
    };

    modes.cbc.prototype.start = function (options) {
      // Note: legacy support for using IV residue (has security flaws)
      // if IV is null, reuse block from previous processing
      if (options.iv === null) {
        // must have a previous block
        if (!this._prev) {
          throw new Error('Invalid IV parameter.');
        }
        this._iv = this._prev.slice(0);
      } else if ('iv' in options) {
        // save IV as "previous" block
        this._iv = transformIV(options.iv, this.blockSize);
        this._prev = this._iv.slice(0);
      } else {
        throw new Error('Invalid IV parameter.');
      }
    };

    modes.cbc.prototype.encrypt = function (input, output) {
      // get next block
      // CBC XOR's IV (or previous block) with plaintext
      for (var i = 0; i < this._blocks; ++i) {
        this._inBlock[i] = this._prev[i] ^ input.getInt32();
      }

      // encrypt block
      this.cipher.encrypt(this._inBlock, this._outBlock);

      // write output, save previous block
      for (var i = 0; i < this._blocks; ++i) {
        output.putInt32(this._outBlock[i]);
      }
      this._prev = this._outBlock;
    };

    modes.cbc.prototype.decrypt = function (input, output) {
      // get next block
      for (var i = 0; i < this._blocks; ++i) {
        this._inBlock[i] = input.getInt32();
      }

      // decrypt block
      this.cipher.decrypt(this._inBlock, this._outBlock);

      // write output, save previous ciphered block
      // CBC XOR's IV (or previous block) with ciphertext
      for (var i = 0; i < this._blocks; ++i) {
        output.putInt32(this._prev[i] ^ this._outBlock[i]);
      }
      this._prev = this._inBlock.slice(0);
    };

    modes.cbc.prototype.pad = function (input, options) {
      // add PKCS#7 padding to block (each pad byte is the
      // value of the number of pad bytes)
      var padding = (input.length() === this.blockSize ?
        this.blockSize : (this.blockSize - input.length()));
      input.fillWithByte(padding, padding);
      return true;
    };

    modes.cbc.prototype.unpad = function (output, options) {
      // check for error: input data not a multiple of blockSize
      if (options.overflow > 0) {
        return false;
      }

      // ensure padding byte count is valid
      var len = output.length();
      var count = output.at(len - 1);
      if (count > (this.blockSize << 2)) {
        return false;
      }

      // trim off padding bytes
      output.truncate(count);
      return true;
    };
    /* Utility functions */

    function transformIV(iv, blockSize) {
      if (!(iv instanceof ByteBuffer)) {
        throw new TypeError('iv must be a ByteBuffer.');
      }
      if (iv.length() < blockSize) {
        throw new Error(
          'iv must contain at least ' + blockSize + ' bytes, got ' +
          iv.length() + '.');
      }
      // convert iv byte buffer into 32-bit integer array
      iv = iv.copy();
      var rval = [];
      for (var i = 0; i < blockSize; i += 4) {
        rval.push(iv.getInt32());
      }
      return rval;
    }

    function inc32(block) {
      // increment last 32 bits of block only
      block[block.length - 1] = (block[block.length - 1] + 1) & 0xFFFFFFFF;
    }

    function from64To32(num) {
      // convert 64-bit number to two BE Int32s
      return [(num / 0x100000000) | 0, num & 0xFFFFFFFF];
    }


  } // end module implementation

  return initModule(forge);
})();

/*
 * Cipher base API.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    forge.cipher = forge.cipher || {};

    // registered algorithms
    forge.cipher.algorithms = forge.cipher.algorithms || {};

    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * Creates a cipher object that can be used to encrypt data using the given
     * algorithm and key. The algorithm may be provided as a string value for a
     * previously registered algorithm or it may be given as a cipher algorithm
     * API object.
     *
     * @param algorithm the algorithm to use, either a string or an algorithm API
     *          object.
     * @param key the key to use, as a ByteBuffer.
     *
     * @return the cipher.
     */
    forge.cipher.createCipher = function (algorithm, key) {
      var api = algorithm;
      if (typeof api === 'string') {
        api = forge.cipher.getAlgorithm(api);
        if (api) {
          api = api();
        }
      }
      if (!api) {
        throw new Error('Unsupported algorithm: ' + algorithm);
      }

      if (!(key instanceof ByteBuffer)) {
        throw new TypeError('key must be a ByteBuffer.');
      }

      // assume block cipher
      return new forge.cipher.BlockCipher({
        algorithm: api,
        key: key,
        decrypt: false
      });
    };

    /*
     * Registers an algorithm by name. If the name was already registered, the
     * algorithm API object will be overwritten.
     *
     * @param name the name of the algorithm.
     * @param algorithm the algorithm API object.
     */
    forge.cipher.registerAlgorithm = function (name, algorithm) {
      name = name.toUpperCase();
      forge.cipher.algorithms[name] = algorithm;
    };

    /*
     * Gets a registered algorithm by name.
     *
     * @param name the name of the algorithm.
     *
     * @return the algorithm, if found, null if not.
     */
    forge.cipher.getAlgorithm = function (name) {
      name = name.toUpperCase();
      if (name in forge.cipher.algorithms) {
        return forge.cipher.algorithms[name];
      }
      return null;
    };

    var BlockCipher = forge.cipher.BlockCipher = function (options) {
      this.algorithm = options.algorithm;
      this.mode = this.algorithm.mode;
      this.blockSize = this.mode.blockSize;
      this._finish = false;
      this._input = null;
      this.output = null;
      this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt;
      this._decrypt = options.decrypt;
      this.algorithm.initialize(options);
    };

    /*
     * Starts or restarts the encryption or decryption process, whichever
     * was previously configured.
     *
     * For non-GCM mode, the IV must be a ByteBuffer with at least 16 bytes.
     *
     * For GCM-mode, the IV must be a ByteBuffer with at least 12 bytes (96 bits)
     * as recommended by NIST SP-800-38D but another length may be given.
     *
     * @param options the options to use:
     *          iv the initialization vector to use as a ByteBuffer, null to reuse
     *            the last ciphered block from a previous update() (this
     *            "residue" method is for legacy support only and is considered
     *            insecure).
     *          additionalData additional authentication data as a ByteBuffer,
     *            for 'GCM' mode, (default: none).
     *          tagLength desired length of authentication tag, in bits, for
     *            'GCM' mode (0-128, default: 128).
     *          tag the authentication tag to check if decrypting, as a
     *             ByteBuffer.
     *          output the output ByteBuffer to write to, null to create one.
     *
     * @return this cipher for chaining.
     */
    BlockCipher.prototype.start = function (options) {
      options = options || {};
      var opts = {};
      for (var key in options) {
        opts[key] = options[key];
      }
      if (opts.iv && !(opts.iv instanceof ByteBuffer)) {
        throw new TypeError('options.iv must be a ByteBuffer.');
      }
      if (opts.additionalData && !(opts.additionalData instanceof ByteBuffer)) {
        throw new TypeError('options.additionalData must be a ByteBuffer.');
      }
      if (opts.tag && !(opts.tag instanceof ByteBuffer)) {
        throw new TypeError('options.tag must be a ByteBuffer.');
      }

      opts.decrypt = this._decrypt;
      this._finish = false;
      this._input = new ByteBuffer();
      this.output = options.output || new ByteBuffer();
      this.mode.start(opts);

      return this;
    };

    /*
     * Updates the next block according to the cipher mode.
     *
     * @param input the ByteBuffer to read from.
     *
     * @return this cipher for chaining.
     */
    BlockCipher.prototype.update = function (input) {
      if (!this._finish) {
        // not finishing, so fill the input buffer with more input
        if (!(input instanceof ByteBuffer)) {
          throw new TypeError('input must be a ByteBuffer.');
        }
        this._input.putBuffer(input);
      }

      // do cipher operation while input contains full blocks or if finishing
      while (this._input.length() >= this.blockSize ||
        (this._input.length() > 0 && this._finish)) {
        this._op.call(this.mode, this._input, this.output);
      }

      // free consumed memory from input buffer
      this._input.compact();

      return this;
    };

    /*
     * Finishes encrypting or decrypting.
     *
     * @param pad a padding function to use in CBC mode, null for default,
     *          signature(blockSize, buffer, decrypt).
     *
     * @return true if successful, false on error.
     */
    BlockCipher.prototype.finish = function (pad) {
      // backwards-compatibility w/deprecated padding API
      // Note: will overwrite padding functions even after another start() call
      if (pad && this.mode.name === 'CBC') {
        this.mode.pad = function (input) {
          return pad(this.blockSize, input, false);
        };
        this.mode.unpad = function (output) {
          return pad(this.blockSize, output, true);
        };
      }

      // build options for padding and afterFinish functions
      var options = {};
      options.decrypt = this._decrypt;

      // get # of bytes that won't fill a block
      options.overflow = this._input.length() % this.blockSize;

      if (!this._decrypt && this.mode.pad) {
        if (!this.mode.pad(this._input, options)) {
          return false;
        }
      }

      // do final update
      this._finish = true;
      this.update();

      if (this._decrypt && this.mode.unpad) {
        if (!this.mode.unpad(this.output, options)) {
          return false;
        }
      }

      if (this.mode.afterFinish) {
        if (!this.mode.afterFinish(this.output, options)) {
          return false;
        }
      }

      return true;
    };

  } // end module implementation

  return initModule(forge);
})();


/*
 * Advanced Encryption Standard (AES) implementation.
 *
 * This implementation is based on the public domain library 'jscrypto' which
 * was written by:
 *
 * Emily Stark (estark@stanford.edu)
 * Mike Hamburg (mhamburg@stanford.edu)
 * Dan Boneh (dabo@cs.stanford.edu)
 *
 * Parts of this code are based on the OpenSSL implementation of AES:
 * http://www.openssl.org
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    /* AES API */
    forge.aes = forge.aes || {};

    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * Creates a new AES cipher algorithm object.
     *
     * @param name the name of the algorithm.
     * @param mode the mode factory function.
     *
     * @return the AES algorithm object.
     */
    forge.aes.Algorithm = function (name, mode) {
      if (!init) {
        initialize();
      }
      var self = this;
      self.name = name;
      self.mode = new mode({
        blockSize: 16,
        cipher: {
          encrypt: function (inBlock, outBlock) {
            return _updateBlock(self._w, inBlock, outBlock, false);
          },
          decrypt: function (inBlock, outBlock) {
            return _updateBlock(self._w, inBlock, outBlock, true);
          }
        }
      });
      self._init = false;
    };

    /*
     * Initializes this AES algorithm by expanding its key.
     *
     * @param options the options to use.
     *          key the key, as a ByteBuffer, to use with this algorithm.
     *          decrypt true if the algorithm should be initialized for decryption,
     *            false for encryption.
     */
    forge.aes.Algorithm.prototype.initialize = function (options) {
      if (this._init) {
        return;
      }

      if (!(options.key instanceof ByteBuffer)) {
        throw new TypeError('options.key must be a ByteBuffer.');
      }

      // convert key into 32-bit integer array
      var key = [];

      // key lengths of 16, 24, 32 bytes allowed
      var len = options.key.length();
      if (len !== 16 && len !== 24 && len !== 32) {
        throw new Error(
          'options.key length must be 16 (AES-128), 24 (AES-192), ' +
          'or 32 (AES-256) bytes, got ' + len + ' bytes.');
      }
      var buf = options.key.copy();
      len = len >>> 2;
      for (var i = 0; i < len; ++i) {
        key.push(buf.getInt32());
      }

      // encryption operation is always used for these modes
      var mode = this.mode.name;
      //var encryptOp = (['CFB', 'OFB', 'CTR', 'GCM'].indexOf(mode) !== -1);

      // do key expansion
      this._w = _expandKey(key, options.decrypt && true/*!encryptOp*/);
      this._init = true;
    };

    /*
     * Expands a key. Typically only used for testing.
     *
     * @param key the symmetric key to expand, as an array of 32-bit words.
     * @param decrypt true to expand for decryption, false for encryption.
     *
     * @return the expanded key.
     */
    forge.aes._expandKey = function (key, decrypt) {
      if (!init) {
        initialize();
      }
      return _expandKey(key, decrypt);
    };

    /*
     * Updates a single block. Typically only used for testing.
     *
     * @param w the expanded key to use.
     * @param input an array of block-size 32-bit words.
     * @param output an array of block-size 32-bit words.
     * @param decrypt true to decrypt, false to encrypt.
     */
    forge.aes._updateBlock = _updateBlock;


    /** Register AES algorithms **/

    registerAlgorithm('AES-CBC', forge.cipher.modes.cbc);

    function registerAlgorithm(name, mode) {
      var factory = function () {
        return new forge.aes.Algorithm(name, mode);
      };
      forge.cipher.registerAlgorithm(name, factory);
    }


    /** AES implementation **/

    var init = false; // not yet initialized
    var Nb = 4;       // number of words comprising the state (AES = 4)
    var sbox;         // non-linear substitution table used in key expansion
    var isbox;        // inversion of sbox
    var rcon;         // round constant word array
    var mix;          // mix-columns table
    var imix;         // inverse mix-columns table

    /*
     * Performs initialization, ie: precomputes tables to optimize for speed.
     *
     * One way to understand how AES works is to imagine that 'addition' and
     * 'multiplication' are interfaces that require certain mathematical
     * properties to hold true (ie: they are associative) but they might have
     * different implementations and produce different kinds of results ...
     * provided that their mathematical properties remain true. AES defines
     * its own methods of addition and multiplication but keeps some important
     * properties the same, ie: associativity and distributivity. The
     * explanation below tries to shed some light on how AES defines addition
     * and multiplication of bytes and 32-bit words in order to perform its
     * encryption and decryption algorithms.
     *
     * The basics:
     *
     * The AES algorithm views bytes as binary representations of polynomials
     * that have either 1 or 0 as the coefficients. It defines the addition
     * or subtraction of two bytes as the XOR operation. It also defines the
     * multiplication of two bytes as a finite field referred to as GF(2^8)
     * (Note: 'GF' means "Galois Field" which is a field that contains a finite
     * number of elements so GF(2^8) has 256 elements).
     *
     * This means that any two bytes can be represented as binary polynomials;
     * when they multiplied together and modularly reduced by an irreducible
     * polynomial of the 8th degree, the results are the field GF(2^8). The
     * specific irreducible polynomial that AES uses in hexadecimal is 0x11b.
     * This multiplication is associative with 0x01 as the identity:
     *
     * (b * 0x01 = GF(b, 0x01) = b).
     *
     * The operation GF(b, 0x02) can be performed at the byte level by left
     * shifting b once and then XOR'ing it (to perform the modular reduction)
     * with 0x11b if b is >= 128. Repeated application of the multiplication
     * of 0x02 can be used to implement the multiplication of any two bytes.
     *
     * For instance, multiplying 0x57 and 0x13, denoted as GF(0x57, 0x13), can
     * be performed by factoring 0x13 into 0x01, 0x02, and 0x10. Then these
     * factors can each be multiplied by 0x57 and then added together. To do
     * the multiplication, values for 0x57 multiplied by each of these 3 factors
     * can be precomputed and stored in a table. To add them, the values from
     * the table are XOR'd together.
     *
     * AES also defines addition and multiplication of words, that is 4-byte
     * numbers represented as polynomials of 3 degrees where the coefficients
     * are the values of the bytes.
     *
     * The word [a0, a1, a2, a3] is a polynomial a3x^3 + a2x^2 + a1x + a0.
     *
     * Addition is performed by XOR'ing like powers of x. Multiplication
     * is performed in two steps, the first is an algebriac expansion as
     * you would do normally (where addition is XOR). But the result is
     * a polynomial larger than 3 degrees and thus it cannot fit in a word. So
     * next the result is modularly reduced by an AES-specific polynomial of
     * degree 4 which will always produce a polynomial of less than 4 degrees
     * such that it will fit in a word. In AES, this polynomial is x^4 + 1.
     *
     * The modular product of two polynomials 'a' and 'b' is thus:
     *
     * d(x) = d3x^3 + d2x^2 + d1x + d0
     * with
     * d0 = GF(a0, b0) ^ GF(a3, b1) ^ GF(a2, b2) ^ GF(a1, b3)
     * d1 = GF(a1, b0) ^ GF(a0, b1) ^ GF(a3, b2) ^ GF(a2, b3)
     * d2 = GF(a2, b0) ^ GF(a1, b1) ^ GF(a0, b2) ^ GF(a3, b3)
     * d3 = GF(a3, b0) ^ GF(a2, b1) ^ GF(a1, b2) ^ GF(a0, b3)
     *
     * As a matrix:
     *
     * [d0] = [a0 a3 a2 a1][b0]
     * [d1]   [a1 a0 a3 a2][b1]
     * [d2]   [a2 a1 a0 a3][b2]
     * [d3]   [a3 a2 a1 a0][b3]
     *
     * Special polynomials defined by AES (0x02 == {02}):
     * a(x)    = {03}x^3 + {01}x^2 + {01}x + {02}
     * a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}.
     *
     * These polynomials are used in the MixColumns() and InverseMixColumns()
     * operations, respectively, to cause each element in the state to affect
     * the output (referred to as diffusing).
     *
     * RotWord() uses: a0 = a1 = a2 = {00} and a3 = {01}, which is the
     * polynomial x3.
     *
     * The ShiftRows() method modifies the last 3 rows in the state (where
     * the state is 4 words with 4 bytes per word) by shifting bytes cyclically.
     * The 1st byte in the second row is moved to the end of the row. The 1st
     * and 2nd bytes in the third row are moved to the end of the row. The 1st,
     * 2nd, and 3rd bytes are moved in the fourth row.
     *
     * More details on how AES arithmetic works:
     *
     * In the polynomial representation of binary numbers, XOR performs addition
     * and subtraction and multiplication in GF(2^8) denoted as GF(a, b)
     * corresponds with the multiplication of polynomials modulo an irreducible
     * polynomial of degree 8. In other words, for AES, GF(a, b) will multiply
     * polynomial 'a' with polynomial 'b' and then do a modular reduction by
     * an AES-specific irreducible polynomial of degree 8.
     *
     * A polynomial is irreducible if its only divisors are one and itself. For
     * the AES algorithm, this irreducible polynomial is:
     *
     * m(x) = x^8 + x^4 + x^3 + x + 1,
     *
     * or {01}{1b} in hexadecimal notation, where each coefficient is a bit:
     * 100011011 = 283 = 0x11b.
     *
     * For example, GF(0x57, 0x83) = 0xc1 because
     *
     * 0x57 = 87  = 01010111 = x^6 + x^4 + x^2 + x + 1
     * 0x85 = 131 = 10000101 = x^7 + x + 1
     *
     * (x^6 + x^4 + x^2 + x + 1) * (x^7 + x + 1)
     * =  x^13 + x^11 + x^9 + x^8 + x^7 +
     *    x^7 + x^5 + x^3 + x^2 + x +
     *    x^6 + x^4 + x^2 + x + 1
     * =  x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 = y
     *    y modulo (x^8 + x^4 + x^3 + x + 1)
     * =  x^7 + x^6 + 1.
     *
     * The modular reduction by m(x) guarantees the result will be a binary
     * polynomial of less than degree 8, so that it can fit in a byte.
     *
     * The operation to multiply a binary polynomial b with x (the polynomial
     * x in binary representation is 00000010) is:
     *
     * b_7x^8 + b_6x^7 + b_5x^6 + b_4x^5 + b_3x^4 + b_2x^3 + b_1x^2 + b_0x^1
     *
     * To get GF(b, x) we must reduce that by m(x). If b_7 is 0 (that is the
     * most significant bit is 0 in b) then the result is already reduced. If
     * it is 1, then we can reduce it by subtracting m(x) via an XOR.
     *
     * It follows that multiplication by x (00000010 or 0x02) can be implemented
     * by performing a left shift followed by a conditional bitwise XOR with
     * 0x1b. This operation on bytes is denoted by xtime(). Multiplication by
     * higher powers of x can be implemented by repeated application of xtime().
     *
     * By adding intermediate results, multiplication by any constant can be
     * implemented. For instance:
     *
     * GF(0x57, 0x13) = 0xfe because:
     *
     * xtime(b) = (b & 128) ? (b << 1 ^ 0x11b) : (b << 1)
     *
     * Note: We XOR with 0x11b instead of 0x1b because in javascript our
     * datatype for b can be larger than 1 byte, so a left shift will not
     * automatically eliminate bits that overflow a byte ... by XOR'ing the
     * overflow bit with 1 (the extra one from 0x11b) we zero it out.
     *
     * GF(0x57, 0x02) = xtime(0x57) = 0xae
     * GF(0x57, 0x04) = xtime(0xae) = 0x47
     * GF(0x57, 0x08) = xtime(0x47) = 0x8e
     * GF(0x57, 0x10) = xtime(0x8e) = 0x07
     *
     * GF(0x57, 0x13) = GF(0x57, (0x01 ^ 0x02 ^ 0x10))
     *
     * And by the distributive property (since XOR is addition and GF() is
     * multiplication):
     *
     * = GF(0x57, 0x01) ^ GF(0x57, 0x02) ^ GF(0x57, 0x10)
     * = 0x57 ^ 0xae ^ 0x07
     * = 0xfe.
     */
    function initialize() {
      init = true;

      /* Populate the Rcon table. These are the values given by
        [x^(i-1),{00},{00},{00}] where x^(i-1) are powers of x (and x = 0x02)
        in the field of GF(2^8), where i starts at 1.
    
        rcon[0] = [0x00, 0x00, 0x00, 0x00]
        rcon[1] = [0x01, 0x00, 0x00, 0x00] 2^(1-1) = 2^0 = 1
        rcon[2] = [0x02, 0x00, 0x00, 0x00] 2^(2-1) = 2^1 = 2
        ...
        rcon[9]  = [0x1B, 0x00, 0x00, 0x00] 2^(9-1)  = 2^8 = 0x1B
        rcon[10] = [0x36, 0x00, 0x00, 0x00] 2^(10-1) = 2^9 = 0x36
    
        We only store the first byte because it is the only one used.
      */
      rcon = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36];

      // compute xtime table which maps i onto GF(i, 0x02)
      var xtime = new Array(256);
      for (var i = 0; i < 128; ++i) {
        xtime[i] = i << 1;
        xtime[i + 128] = (i + 128) << 1 ^ 0x11B;
      }

      // compute all other tables
      sbox = new Array(256);
      isbox = new Array(256);
      mix = new Array(4);
      imix = new Array(4);
      for (var i = 0; i < 4; ++i) {
        mix[i] = new Array(256);
        imix[i] = new Array(256);
      }
      var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime;
      for (var i = 0; i < 256; ++i) {
        /* We need to generate the SubBytes() sbox and isbox tables so that
          we can perform byte substitutions. This requires us to traverse
          all of the elements in GF, find their multiplicative inverses,
          and apply to each the following affine transformation:
    
          bi' = bi ^ b(i + 4) mod 8 ^ b(i + 5) mod 8 ^ b(i + 6) mod 8 ^
                b(i + 7) mod 8 ^ ci
          for 0 <= i < 8, where bi is the ith bit of the byte, and ci is the
          ith bit of a byte c with the value {63} or {01100011}.
    
          It is possible to traverse every possible value in a Galois field
          using what is referred to as a 'generator'. There are many
          generators (128 out of 256): 3,5,6,9,11,82 to name a few. To fully
          traverse GF we iterate 255 times, multiplying by our generator
          each time.
    
          On each iteration we can determine the multiplicative inverse for
          the current element.
    
          Suppose there is an element in GF 'e'. For a given generator 'g',
          e = g^x. The multiplicative inverse of e is g^(255 - x). It turns
          out that if use the inverse of a generator as another generator
          it will produce all of the corresponding multiplicative inverses
          at the same time. For this reason, we choose 5 as our inverse
          generator because it only requires 2 multiplies and 1 add and its
          inverse, 82, requires relatively few operations as well.
    
          In order to apply the affine transformation, the multiplicative
          inverse 'ei' of 'e' can be repeatedly XOR'd (4 times) with a
          bit-cycling of 'ei'. To do this 'ei' is first stored in 's' and
          'x'. Then 's' is left shifted and the high bit of 's' is made the
          low bit. The resulting value is stored in 's'. Then 'x' is XOR'd
          with 's' and stored in 'x'. On each subsequent iteration the same
          operation is performed. When 4 iterations are complete, 'x' is
          XOR'd with 'c' (0x63) and the transformed value is stored in 'x'.
          For example:
    
          s = 01000001
          x = 01000001
    
          iteration 1: s = 10000010, x ^= s
          iteration 2: s = 00000101, x ^= s
          iteration 3: s = 00001010, x ^= s
          iteration 4: s = 00010100, x ^= s
          x ^= 0x63
    
          This can be done with a loop where s = (s << 1) | (s >> 7). However,
          it can also be done by using a single 16-bit (in this case 32-bit)
          number 'sx'. Since XOR is an associative operation, we can set 'sx'
          to 'ei' and then XOR it with 'sx' left-shifted 1,2,3, and 4 times.
          The most significant bits will flow into the high 8 bit positions
          and be correctly XOR'd with one another. All that remains will be
          to cycle the high 8 bits by XOR'ing them all with the lower 8 bits
          afterwards.
    
          At the same time we're populating sbox and isbox we can precompute
          the multiplication we'll need to do to do MixColumns() later.
        */

        // apply affine transformation
        sx = ei ^ (ei << 1) ^ (ei << 2) ^ (ei << 3) ^ (ei << 4);
        sx = (sx >> 8) ^ (sx & 255) ^ 0x63;

        // update tables
        sbox[e] = sx;
        isbox[sx] = e;

        /* Mixing columns is done using matrix multiplication. The columns
          that are to be mixed are each a single word in the current state.
          The state has Nb columns (4 columns). Therefore each column is a
          4 byte word. So to mix the columns in a single column 'c' where
          its rows are r0, r1, r2, and r3, we use the following matrix
          multiplication:
    
          [2 3 1 1]*[r0,c]=[r'0,c]
          [1 2 3 1] [r1,c] [r'1,c]
          [1 1 2 3] [r2,c] [r'2,c]
          [3 1 1 2] [r3,c] [r'3,c]
    
          r0, r1, r2, and r3 are each 1 byte of one of the words in the
          state (a column). To do matrix multiplication for each mixed
          column c' we multiply the corresponding row from the left matrix
          with the corresponding column from the right matrix. In total, we
          get 4 equations:
    
          r0,c' = 2*r0,c + 3*r1,c + 1*r2,c + 1*r3,c
          r1,c' = 1*r0,c + 2*r1,c + 3*r2,c + 1*r3,c
          r2,c' = 1*r0,c + 1*r1,c + 2*r2,c + 3*r3,c
          r3,c' = 3*r0,c + 1*r1,c + 1*r2,c + 2*r3,c
    
          As usual, the multiplication is as previously defined and the
          addition is XOR. In order to optimize mixing columns we can store
          the multiplication results in tables. If you think of the whole
          column as a word (it might help to visualize by mentally rotating
          the equations above by counterclockwise 90 degrees) then you can
          see that it would be useful to map the multiplications performed on
          each byte (r0, r1, r2, r3) onto a word as well. For instance, we
          could map 2*r0,1*r0,1*r0,3*r0 onto a word by storing 2*r0 in the
          highest 8 bits and 3*r0 in the lowest 8 bits (with the other two
          respectively in the middle). This means that a table can be
          constructed that uses r0 as an index to the word. We can do the
          same with r1, r2, and r3, creating a total of 4 tables.
    
          To construct a full c', we can just look up each byte of c in
          their respective tables and XOR the results together.
    
          Also, to build each table we only have to calculate the word
          for 2,1,1,3 for every byte ... which we can do on each iteration
          of this loop since we will iterate over every byte. After we have
          calculated 2,1,1,3 we can get the results for the other tables
          by cycling the byte at the end to the beginning. For instance
          we can take the result of table 2,1,1,3 and produce table 3,2,1,1
          by moving the right most byte to the left most position just like
          how you can imagine the 3 moved out of 2,1,1,3 and to the front
          to produce 3,2,1,1.
    
          There is another optimization in that the same multiples of
          the current element we need in order to advance our generator
          to the next iteration can be reused in performing the 2,1,1,3
          calculation. We also calculate the inverse mix column tables,
          with e,9,d,b being the inverse of 2,1,1,3.
    
          When we're done, and we need to actually mix columns, the first
          byte of each state word should be put through mix[0] (2,1,1,3),
          the second through mix[1] (3,2,1,1) and so forth. Then they should
          be XOR'd together to produce the fully mixed column.
        */

        // calculate mix and imix table values
        sx2 = xtime[sx];
        e2 = xtime[e];
        e4 = xtime[e2];
        e8 = xtime[e4];
        me =
          (sx2 << 24) ^  // 2
          (sx << 16) ^   // 1
          (sx << 8) ^    // 1
          (sx ^ sx2);    // 3
        ime =
          (e2 ^ e4 ^ e8) << 24 ^  // E (14)
          (e ^ e8) << 16 ^        // 9
          (e ^ e4 ^ e8) << 8 ^    // D (13)
          (e ^ e2 ^ e8);          // B (11)
        // produce each of the mix tables by rotating the 2,1,1,3 value
        for (var n = 0; n < 4; ++n) {
          mix[n][e] = me;
          imix[n][sx] = ime;
          // cycle the right most byte to the left most position
          // ie: 2,1,1,3 becomes 3,2,1,1
          me = me << 24 | me >>> 8;
          ime = ime << 24 | ime >>> 8;
        }

        // get next element and inverse
        if (e === 0) {
          // 1 is the inverse of 1
          e = ei = 1;
        } else {
          // e = 2e + 2*2*2*(10e)) = multiply e by 82 (chosen generator)
          // ei = ei + 2*2*ei = multiply ei by 5 (inverse generator)
          e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]];
          ei ^= xtime[xtime[ei]];
        }
      }
    }

    /*
     * Generates a key schedule using the AES key expansion algorithm.
     *
     * The AES algorithm takes the Cipher Key, K, and performs a Key Expansion
     * routine to generate a key schedule. The Key Expansion generates a total
     * of Nb*(Nr + 1) words: the algorithm requires an initial set of Nb words,
     * and each of the Nr rounds requires Nb words of key data. The resulting
     * key schedule consists of a linear array of 4-byte words, denoted [wi ],
     * with i in the range 0 �� i < Nb(Nr + 1).
     *
     * KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)
     * AES-128 (Nb=4, Nk=4, Nr=10)
     * AES-192 (Nb=4, Nk=6, Nr=12)
     * AES-256 (Nb=4, Nk=8, Nr=14)
     * Note: Nr=Nk+6.
     *
     * Nb is the number of columns (32-bit words) comprising the State (or
     * number of bytes in a block). For AES, Nb=4.
     *
     * @param key the key to schedule (as an array of 32-bit words).
     * @param decrypt true to modify the key schedule to decrypt, false not to.
     *
     * @return the generated key schedule.
     */
    function _expandKey(key, decrypt) {
      // copy the key's words to initialize the key schedule
      var w = key.slice(0);

      /* RotWord() will rotate a word, moving the first byte to the last
        byte's position (shifting the other bytes left).
    
        We will be getting the value of Rcon at i / Nk. 'i' will iterate
        from Nk to (Nb * Nr+1). Nk = 4 (4 byte key), Nb = 4 (4 words in
        a block), Nr = Nk + 6 (10). Therefore 'i' will iterate from
        4 to 44 (exclusive). Each time we iterate 4 times, i / Nk will
        increase by 1. We use a counter iNk to keep track of this.
       */

      // go through the rounds expanding the key
      var temp, iNk = 1;
      var Nk = w.length;
      var Nr1 = Nk + 6 + 1;
      var end = Nb * Nr1;
      for (var i = Nk; i < end; ++i) {
        temp = w[i - 1];
        if (i % Nk === 0) {
          // temp = SubWord(RotWord(temp)) ^ Rcon[i / Nk]
          temp =
            sbox[temp >>> 16 & 255] << 24 ^
            sbox[temp >>> 8 & 255] << 16 ^
            sbox[temp & 255] << 8 ^
            sbox[temp >>> 24] ^ (rcon[iNk] << 24);
          iNk++;
        } else if (Nk > 6 && (i % Nk === 4)) {
          // temp = SubWord(temp)
          temp =
            sbox[temp >>> 24] << 24 ^
            sbox[temp >>> 16 & 255] << 16 ^
            sbox[temp >>> 8 & 255] << 8 ^
            sbox[temp & 255];
        }
        w[i] = w[i - Nk] ^ temp;
      }

      /* When we are updating a cipher block we always use the code path for
        encryption whether we are decrypting or not (to shorten code and
        simplify the generation of look up tables). However, because there
        are differences in the decryption algorithm, other than just swapping
        in different look up tables, we must transform our key schedule to
        account for these changes:
   
        1. The decryption algorithm gets its key rounds in reverse order.
        2. The decryption algorithm adds the round key before mixing columns
          instead of afterwards.
   
        We don't need to modify our key schedule to handle the first case,
        we can just traverse the key schedule in reverse order when decrypting.
   
        The second case requires a little work.
   
        The tables we built for performing rounds will take an input and then
        perform SubBytes() and MixColumns() or, for the decrypt version,
        InvSubBytes() and InvMixColumns(). But the decrypt algorithm requires
        us to AddRoundKey() before InvMixColumns(). This means we'll need to
        apply some transformations to the round key to inverse-mix its columns
        so they'll be correct for moving AddRoundKey() to after the state has
        had its columns inverse-mixed.
   
        To inverse-mix the columns of the state when we're decrypting we use a
        lookup table that will apply InvSubBytes() and InvMixColumns() at the
        same time. However, the round key's bytes are not inverse-substituted
        in the decryption algorithm. To get around this problem, we can first
        substitute the bytes in the round key so that when we apply the
        transformation via the InvSubBytes()+InvMixColumns() table, it will
        undo our substitution leaving us with the original value that we
        want -- and then inverse-mix that value.
   
        This change will correctly alter our key schedule so that we can XOR
        each round key with our already transformed decryption state. This
        allows us to use the same code path as the encryption algorithm.
   
        We make one more change to the decryption key. Since the decryption
        algorithm runs in reverse from the encryption algorithm, we reverse
        the order of the round keys to avoid having to iterate over the key
        schedule backwards when running the encryption algorithm later in
        decryption mode. In addition to reversing the order of the round keys,
        we also swap each round key's 2nd and 4th rows. See the comments
        section where rounds are performed for more details about why this is
        done. These changes are done inline with the other substitution
        described above.
     */
      if (decrypt) {
        var tmp;
        var m0 = imix[0];
        var m1 = imix[1];
        var m2 = imix[2];
        var m3 = imix[3];
        var wnew = w.slice(0);
        end = w.length;
        for (var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) {
          // do not sub the first or last round key (round keys are Nb
          // words) as no column mixing is performed before they are added,
          // but do change the key order
          if (i === 0 || i === (end - Nb)) {
            wnew[i] = w[wi];
            wnew[i + 1] = w[wi + 3];
            wnew[i + 2] = w[wi + 2];
            wnew[i + 3] = w[wi + 1];
          } else {
            // substitute each round key byte because the inverse-mix
            // table will inverse-substitute it (effectively cancel the
            // substitution because round key bytes aren't sub'd in
            // decryption mode) and swap indexes 3 and 1
            for (var n = 0; n < Nb; ++n) {
              tmp = w[wi + n];
              wnew[i + (3 & -n)] =
                m0[sbox[tmp >>> 24]] ^
                m1[sbox[tmp >>> 16 & 255]] ^
                m2[sbox[tmp >>> 8 & 255]] ^
                m3[sbox[tmp & 255]];
            }
          }
        }
        w = wnew;
      }

      return w;
    }

    /*
     * Updates a single block (16 bytes) using AES. The update will either
     * encrypt or decrypt the block.
     *
     * @param w the key schedule.
     * @param input the input block (an array of 32-bit words).
     * @param output the updated output block.
     * @param decrypt true to decrypt the block, false to encrypt it.
     */
    function _updateBlock(w, input, output, decrypt) {
      /*
      Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
      begin
        byte state[4,Nb]
        state = in
        AddRoundKey(state, w[0, Nb-1])
        for round = 1 step 1 to Nr�C1
          SubBytes(state)
          ShiftRows(state)
          MixColumns(state)
          AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
        end for
        SubBytes(state)
        ShiftRows(state)
        AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
        out = state
      end
    
      InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
      begin
        byte state[4,Nb]
        state = in
        AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
        for round = Nr-1 step -1 downto 1
          InvShiftRows(state)
          InvSubBytes(state)
          AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
          InvMixColumns(state)
        end for
        InvShiftRows(state)
        InvSubBytes(state)
        AddRoundKey(state, w[0, Nb-1])
        out = state
      end
      */

      // Encrypt: AddRoundKey(state, w[0, Nb-1])
      // Decrypt: AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
      var Nr = w.length / 4 - 1;
      var m0, m1, m2, m3, sub;
      if (decrypt) {
        m0 = imix[0];
        m1 = imix[1];
        m2 = imix[2];
        m3 = imix[3];
        sub = isbox;
      } else {
        m0 = mix[0];
        m1 = mix[1];
        m2 = mix[2];
        m3 = mix[3];
        sub = sbox;
      }
      var a, b, c, d, a2, b2, c2;
      a = input[0] ^ w[0];
      b = input[decrypt ? 3 : 1] ^ w[1];
      c = input[2] ^ w[2];
      d = input[decrypt ? 1 : 3] ^ w[3];
      var i = 3;

      /* In order to share code we follow the encryption algorithm when both
        encrypting and decrypting. To account for the changes required in the
        decryption algorithm, we use different lookup tables when decrypting
        and use a modified key schedule to account for the difference in the
        order of transformations applied when performing rounds. We also get
        key rounds in reverse order (relative to encryption). */
      for (var round = 1; round < Nr; ++round) {
        /* As described above, we'll be using table lookups to perform the
          column mixing. Each column is stored as a word in the state (the
          array 'input' has one column as a word at each index). In order to
          mix a column, we perform these transformations on each row in c,
          which is 1 byte in each word. The new column for c0 is c'0:
    
                   m0      m1      m2      m3
          r0,c'0 = 2*r0,c0 + 3*r1,c0 + 1*r2,c0 + 1*r3,c0
          r1,c'0 = 1*r0,c0 + 2*r1,c0 + 3*r2,c0 + 1*r3,c0
          r2,c'0 = 1*r0,c0 + 1*r1,c0 + 2*r2,c0 + 3*r3,c0
          r3,c'0 = 3*r0,c0 + 1*r1,c0 + 1*r2,c0 + 2*r3,c0
    
          So using mix tables where c0 is a word with r0 being its upper
          8 bits and r3 being its lower 8 bits:
    
          m0[c0 >> 24] will yield this word: [2*r0,1*r0,1*r0,3*r0]
          ...
          m3[c0 & 255] will yield this word: [1*r3,1*r3,3*r3,2*r3]
    
          Therefore to mix the columns in each word in the state we
          do the following (& 255 omitted for brevity):
          c'0,r0 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
          c'0,r1 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
          c'0,r2 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
          c'0,r3 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
    
          However, before mixing, the algorithm requires us to perform
          ShiftRows(). The ShiftRows() transformation cyclically shifts the
          last 3 rows of the state over different offsets. The first row
          (r = 0) is not shifted.
    
          s'_r,c = s_r,(c + shift(r, Nb) mod Nb
          for 0 < r < 4 and 0 <= c < Nb and
          shift(1, 4) = 1
          shift(2, 4) = 2
          shift(3, 4) = 3.
    
          This causes the first byte in r = 1 to be moved to the end of
          the row, the first 2 bytes in r = 2 to be moved to the end of
          the row, the first 3 bytes in r = 3 to be moved to the end of
          the row:
    
          r1: [c0 c1 c2 c3] => [c1 c2 c3 c0]
          r2: [c0 c1 c2 c3]    [c2 c3 c0 c1]
          r3: [c0 c1 c2 c3]    [c3 c0 c1 c2]
    
          We can make these substitutions inline with our column mixing to
          generate an updated set of equations to produce each word in the
          state (note the columns have changed positions):
    
          c0 c1 c2 c3 => c0 c1 c2 c3
          c0 c1 c2 c3    c1 c2 c3 c0  (cycled 1 byte)
          c0 c1 c2 c3    c2 c3 c0 c1  (cycled 2 bytes)
          c0 c1 c2 c3    c3 c0 c1 c2  (cycled 3 bytes)
    
          Therefore:
    
          c'0 = 2*r0,c0 + 3*r1,c1 + 1*r2,c2 + 1*r3,c3
          c'0 = 1*r0,c0 + 2*r1,c1 + 3*r2,c2 + 1*r3,c3
          c'0 = 1*r0,c0 + 1*r1,c1 + 2*r2,c2 + 3*r3,c3
          c'0 = 3*r0,c0 + 1*r1,c1 + 1*r2,c2 + 2*r3,c3
    
          c'1 = 2*r0,c1 + 3*r1,c2 + 1*r2,c3 + 1*r3,c0
          c'1 = 1*r0,c1 + 2*r1,c2 + 3*r2,c3 + 1*r3,c0
          c'1 = 1*r0,c1 + 1*r1,c2 + 2*r2,c3 + 3*r3,c0
          c'1 = 3*r0,c1 + 1*r1,c2 + 1*r2,c3 + 2*r3,c0
    
          ... and so forth for c'2 and c'3. The important distinction is
          that the columns are cycling, with c0 being used with the m0
          map when calculating c0, but c1 being used with the m0 map when
          calculating c1 ... and so forth.
    
          When performing the inverse we transform the mirror image and
          skip the bottom row, instead of the top one, and move upwards:
    
          c3 c2 c1 c0 => c0 c3 c2 c1  (cycled 3 bytes) *same as encryption
          c3 c2 c1 c0    c1 c0 c3 c2  (cycled 2 bytes)
          c3 c2 c1 c0    c2 c1 c0 c3  (cycled 1 byte)  *same as encryption
          c3 c2 c1 c0    c3 c2 c1 c0
    
          If you compare the resulting matrices for ShiftRows()+MixColumns()
          and for InvShiftRows()+InvMixColumns() the 2nd and 4th columns are
          different (in encrypt mode vs. decrypt mode). So in order to use
          the same code to handle both encryption and decryption, we will
          need to do some mapping.
    
          If in encryption mode we let a=c0, b=c1, c=c2, d=c3, and r<N> be
          a row number in the state, then the resulting matrix in encryption
          mode for applying the above transformations would be:
    
          r1: a b c d
          r2: b c d a
          r3: c d a b
          r4: d a b c
    
          If we did the same in decryption mode we would get:
    
          r1: a d c b
          r2: b a d c
          r3: c b a d
          r4: d c b a
    
          If instead we swap d and b (set b=c3 and d=c1), then we get:
    
          r1: a b c d
          r2: d a b c
          r3: c d a b
          r4: b c d a
    
          Now the 1st and 3rd rows are the same as the encryption matrix. All
          we need to do then to make the mapping exactly the same is to swap
          the 2nd and 4th rows when in decryption mode. To do this without
          having to do it on each iteration, we swapped the 2nd and 4th rows
          in the decryption key schedule. We also have to do the swap above
          when we first pull in the input and when we set the final output. */
        a2 =
          m0[a >>> 24] ^
          m1[b >>> 16 & 255] ^
          m2[c >>> 8 & 255] ^
          m3[d & 255] ^ w[++i];
        b2 =
          m0[b >>> 24] ^
          m1[c >>> 16 & 255] ^
          m2[d >>> 8 & 255] ^
          m3[a & 255] ^ w[++i];
        c2 =
          m0[c >>> 24] ^
          m1[d >>> 16 & 255] ^
          m2[a >>> 8 & 255] ^
          m3[b & 255] ^ w[++i];
        d =
          m0[d >>> 24] ^
          m1[a >>> 16 & 255] ^
          m2[b >>> 8 & 255] ^
          m3[c & 255] ^ w[++i];
        a = a2;
        b = b2;
        c = c2;
      }

      /*
        Encrypt:
        SubBytes(state)
        ShiftRows(state)
        AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
    
        Decrypt:
        InvShiftRows(state)
        InvSubBytes(state)
        AddRoundKey(state, w[0, Nb-1])
       */
      // Note: rows are shifted inline
      output[0] =
        (sub[a >>> 24] << 24) ^
        (sub[b >>> 16 & 255] << 16) ^
        (sub[c >>> 8 & 255] << 8) ^
        (sub[d & 255]) ^ w[++i];
      output[decrypt ? 3 : 1] =
        (sub[b >>> 24] << 24) ^
        (sub[c >>> 16 & 255] << 16) ^
        (sub[d >>> 8 & 255] << 8) ^
        (sub[a & 255]) ^ w[++i];
      output[2] =
        (sub[c >>> 24] << 24) ^
        (sub[d >>> 16 & 255] << 16) ^
        (sub[a >>> 8 & 255] << 8) ^
        (sub[b & 255]) ^ w[++i];
      output[decrypt ? 1 : 3] =
        (sub[d >>> 24] << 24) ^
        (sub[a >>> 16 & 255] << 16) ^
        (sub[b >>> 8 & 255] << 8) ^
        (sub[c & 255]) ^ w[++i];
    }

  } // end module implementation

  return initModule(forge);
})();

/*
 * DES (Data Encryption Standard) implementation.
 *
 * This implementation supports DES as well as 3DES-EDE in ECB and CBC mode.
 * It is based on the BSD-licensed implementation by Paul Tero:
 *
 * Paul Tero, July 2001
 * http://www.tero.co.uk/des/
 *
 * Optimised for performance with large blocks by Michael Hayworth, November 2001
 * http://www.netdealing.com
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @author Stefan Siegl
 * @author Dave Longley
 *
 * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
 * Copyright (c) 2012-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    /* DES API */
    forge.des = forge.des || {};

    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * Creates a new DES cipher algorithm object.
     *
     * @param name the name of the algorithm.
     * @param mode the mode factory function.
     *
     * @return the DES algorithm object.
     */
    forge.des.Algorithm = function (name, mode) {
      var self = this;
      self.name = name;
      self.mode = new mode({
        blockSize: 8,
        cipher: {
          encrypt: function (inBlock, outBlock) {
            return _updateBlock(self._keys, inBlock, outBlock, false);
          },
          decrypt: function (inBlock, outBlock) {
            return _updateBlock(self._keys, inBlock, outBlock, true);
          }
        }
      });
      self._init = false;
    };

    /*
     * Initializes this DES algorithm by expanding its key.
     *
     * @param options the options to use.
     *          key the key, as a ByteBuffer, to use with this algorithm.
     *          decrypt true if the algorithm should be initialized for decryption,
     *            false for encryption.
     */
    forge.des.Algorithm.prototype.initialize = function (options) {
      if (this._init) {
        return;
      }

      if (!(options.key instanceof ByteBuffer)) {
        throw new TypeError('options.key must be a ByteBuffer.');
      }

      // convert key into 32-bit integer array
      var key = options.key;
      if (this.name.indexOf('3DES') === 0 && key.length() !== 24) {
        throw new Error(
          'Triple-DES key size must be 192 bits (24 bytes), got ' +
          key.length() * 8 + ' bits.');
      }

      // do key expansion to 16 or 48 subkeys (single or triple DES)
      this._keys = _createKeys(key.copy());
      this._init = true;
    };


    /** Register DES algorithms **/

    registerAlgorithm('DES-ECB', forge.cipher.modes.ecb);
    registerAlgorithm('DES-CBC', forge.cipher.modes.cbc);

    registerAlgorithm('3DES-ECB', forge.cipher.modes.ecb);
    registerAlgorithm('3DES-CBC', forge.cipher.modes.cbc);

    function registerAlgorithm(name, mode) {
      var factory = function () {
        return new forge.des.Algorithm(name, mode);
      };
      forge.cipher.registerAlgorithm(name, factory);
    }


    /** DES implementation **/

    var spfunction1 = [0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004];
    var spfunction2 = [-0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, -0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, -0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, -0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, -0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, -0x7fef7fe0, 0x108000];
    var spfunction3 = [0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200];
    var spfunction4 = [0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080];
    var spfunction5 = [0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, 0x40080000, 0x2080100, 0x40000100];
    var spfunction6 = [0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010];
    var spfunction7 = [0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002];
    var spfunction8 = [0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000];

    /*
     * Create necessary sub keys.
     *
     * @param key the 64-bit or 192-bit key.
     *
     * @return the expanded keys.
     */
    function _createKeys(key) {
      var pc2bytes0 = [0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204],
        pc2bytes1 = [0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101],
        pc2bytes2 = [0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808],
        pc2bytes3 = [0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000],
        pc2bytes4 = [0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, 0x41000, 0x1010, 0x41010],
        pc2bytes5 = [0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, 0x2000000, 0x2000400, 0x2000020, 0x2000420],
        pc2bytes6 = [0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002],
        pc2bytes7 = [0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800],
        pc2bytes8 = [0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, 0x2000002, 0x2040002, 0x2000002, 0x2040002],
        pc2bytes9 = [0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408],
        pc2bytes10 = [0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, 0x102000, 0x102020, 0x102000, 0x102020],
        pc2bytes11 = [0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200],
        pc2bytes12 = [0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010],
        pc2bytes13 = [0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105];

      // how many iterations (1 for des, 3 for triple des)
      // changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys
      var iterations = key.length() > 8 ? 3 : 1;

      // stores the return keys
      var keys = [];

      // now define the left shifts which need to be done
      var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];

      var n = 0, tmp;
      for (var j = 0; j < iterations; j++) {
        var left = key.getInt32();
        var right = key.getInt32();

        tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
        right ^= tmp;
        left ^= (tmp << 4);

        tmp = ((right >>> -16) ^ left) & 0x0000ffff;
        left ^= tmp;
        right ^= (tmp << -16);

        tmp = ((left >>> 2) ^ right) & 0x33333333;
        right ^= tmp;
        left ^= (tmp << 2);

        tmp = ((right >>> -16) ^ left) & 0x0000ffff;
        left ^= tmp;
        right ^= (tmp << -16);

        tmp = ((left >>> 1) ^ right) & 0x55555555;
        right ^= tmp;
        left ^= (tmp << 1);

        tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
        left ^= tmp;
        right ^= (tmp << 8);

        tmp = ((left >>> 1) ^ right) & 0x55555555;
        right ^= tmp;
        left ^= (tmp << 1);

        // right needs to be shifted and OR'd with last four bits of left
        tmp = (left << 8) | ((right >>> 20) & 0x000000f0);

        // left needs to be put upside down
        left = ((right << 24) | ((right << 8) & 0xff0000) |
          ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0));
        right = tmp;

        // now go through and perform these shifts on the left and right keys
        for (var i = 0; i < shifts.length; ++i) {
          //shift the keys either one or two bits to the left
          if (shifts[i]) {
            left = (left << 2) | (left >>> 26);
            right = (right << 2) | (right >>> 26);
          } else {
            left = (left << 1) | (left >>> 27);
            right = (right << 1) | (right >>> 27);
          }
          left &= -0xf;
          right &= -0xf;

          // now apply PC-2, in such a way that E is easier when encrypting or
          // decrypting this conversion will look like PC-2 except only the last 6
          // bits of each byte are used rather than 48 consecutive bits and the
          // order of lines will be according to how the S selection functions will
          // be applied: S2, S4, S6, S8, S1, S3, S5, S7
          var lefttmp = (
            pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] |
            pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] |
            pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] |
            pc2bytes6[(left >>> 4) & 0xf]);
          var righttmp = (
            pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] |
            pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] |
            pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |
            pc2bytes13[(right >>> 4) & 0xf]);
          tmp = ((righttmp >>> 16) ^ lefttmp) & 0x0000ffff;
          keys[n++] = lefttmp ^ tmp;
          keys[n++] = righttmp ^ (tmp << 16);
        }
      }

      return keys;
    }

    /*
     * Updates a single block (1 byte) using DES. The update will either
     * encrypt or decrypt the block.
     *
     * @param keys the expanded keys.
     * @param input the input block (an array of 32-bit words).
     * @param output the updated output block.
     * @param decrypt true to decrypt the block, false to encrypt it.
     */
    function _updateBlock(keys, input, output, decrypt) {
      // set up loops for single or triple DES
      var iterations = keys.length === 32 ? 3 : 9;
      var looping;
      if (iterations === 3) {
        looping = decrypt ? [30, -2, -2] : [0, 32, 2];
      } else {
        looping = (decrypt ?
          [94, 62, -2, 32, 64, 2, 30, -2, -2] :
          [0, 32, 2, 62, 30, -2, 64, 96, 2]);
      }

      var tmp;

      var left = input[0];
      var right = input[1];

      // first each 64 bit chunk of the message must be permuted according to IP
      tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
      right ^= tmp;
      left ^= (tmp << 4);

      tmp = ((left >>> 16) ^ right) & 0x0000ffff;
      right ^= tmp;
      left ^= (tmp << 16);

      tmp = ((right >>> 2) ^ left) & 0x33333333;
      left ^= tmp;
      right ^= (tmp << 2);

      tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
      left ^= tmp;
      right ^= (tmp << 8);

      tmp = ((left >>> 1) ^ right) & 0x55555555;
      right ^= tmp;
      left ^= (tmp << 1);

      // rotate left 1 bit
      left = ((left << 1) | (left >>> 31));
      right = ((right << 1) | (right >>> 31));

      for (var j = 0; j < iterations; j += 3) {
        var endloop = looping[j + 1];
        var loopinc = looping[j + 2];

        // now go through and perform the encryption or decryption
        for (var i = looping[j]; i != endloop; i += loopinc) {
          var right1 = right ^ keys[i];
          var right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];

          // passing these bytes through the S selection functions
          tmp = left;
          left = right;
          right = tmp ^ (
            spfunction2[(right1 >>> 24) & 0x3f] |
            spfunction4[(right1 >>> 16) & 0x3f] |
            spfunction6[(right1 >>> 8) & 0x3f] |
            spfunction8[right1 & 0x3f] |
            spfunction1[(right2 >>> 24) & 0x3f] |
            spfunction3[(right2 >>> 16) & 0x3f] |
            spfunction5[(right2 >>> 8) & 0x3f] |
            spfunction7[right2 & 0x3f]);
        }
        // unreverse left and right
        tmp = left;
        left = right;
        right = tmp;
      }

      // rotate right 1 bit
      left = ((left >>> 1) | (left << 31));
      right = ((right >>> 1) | (right << 31));

      // now perform IP-1, which is IP in the opposite direction
      tmp = ((left >>> 1) ^ right) & 0x55555555;
      right ^= tmp;
      left ^= (tmp << 1);

      tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
      left ^= tmp;
      right ^= (tmp << 8);

      tmp = ((right >>> 2) ^ left) & 0x33333333;
      left ^= tmp;
      right ^= (tmp << 2);

      tmp = ((left >>> 16) ^ right) & 0x0000ffff;
      right ^= tmp;
      left ^= (tmp << 16);

      tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
      right ^= tmp;
      left ^= (tmp << 4);

      output[0] = left;
      output[1] = right;
    }

  } // end module implementation

  return initModule(forge);
})();

/*
 * Javascript implementation of Abstract Syntax Notation Number One.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 *
 * An API for storing data using the Abstract Syntax Notation Number One
 * format using DER (Distinguished Encoding Rules) encoding. This encoding is
 * commonly used to store data for PKI, i.e. X.509 Certificates, and this
 * implementation exists for that purpose.
 *
 * Abstract Syntax Notation Number One (ASN.1) is used to define the abstract
 * syntax of information without restricting the way the information is encoded
 * for transmission. It provides a standard that allows for open systems
 * communication. ASN.1 defines the syntax of information data and a number of
 * simple data types as well as a notation for describing them and specifying
 * values for them.
 *
 * The RSA algorithm creates public and private keys that are often stored in
 * X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This
 * class provides the most basic functionality required to store and load DSA
 * keys that are encoded according to ASN.1.
 *
 * The most common binary encodings for ASN.1 are BER (Basic Encoding Rules)
 * and DER (Distinguished Encoding Rules). DER is just a subset of BER that
 * has stricter requirements for how data must be encoded.
 *
 * Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type)
 * and a byte array for the value of this ASN1 structure which may be data or a
 * list of ASN.1 structures.
 *
 * Each ASN.1 structure using BER is (Tag-Length-Value):
 *
 * | byte 0 | bytes X | bytes Y |
 * |--------|---------|----------
 * |  tag   | length  |  value  |
 *
 * ASN.1 allows for tags to be of "High-tag-number form" which allows a tag to
 * be two or more octets, but that is not supported by this class. A tag is
 * only 1 byte. Bits 1-5 give the tag number (ie the data type within a
 * particular 'class'), 6 indicates whether or not the ASN.1 value is
 * constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If
 * bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set,
 * then the class is APPLICATION. If only bit 8 is set, then the class is
 * CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE.
 * The tag numbers for the data types for the class UNIVERSAL are listed below:
 *
 * UNIVERSAL 0 Reserved for use by the encoding rules
 * UNIVERSAL 1 Boolean type
 * UNIVERSAL 2 Integer type
 * UNIVERSAL 3 Bitstring type
 * UNIVERSAL 4 Octetstring type
 * UNIVERSAL 5 Null type
 * UNIVERSAL 6 Object identifier type
 * UNIVERSAL 7 Object descriptor type
 * UNIVERSAL 8 External type and Instance-of type
 * UNIVERSAL 9 Real type
 * UNIVERSAL 10 Enumerated type
 * UNIVERSAL 11 Embedded-pdv type
 * UNIVERSAL 12 UTF8String type
 * UNIVERSAL 13 Relative object identifier type
 * UNIVERSAL 14-15 Reserved for future editions
 * UNIVERSAL 16 Sequence and Sequence-of types
 * UNIVERSAL 17 Set and Set-of types
 * UNIVERSAL 18-22, 25-30 Character string types
 * UNIVERSAL 23-24 Time types
 *
 * The length of an ASN.1 structure is specified after the tag identifier.
 * There is a definite form and an indefinite form. The indefinite form may
 * be used if the encoding is constructed and not all immediately available.
 * The indefinite form is encoded using a length byte with only the 8th bit
 * set. The end of the constructed object is marked using end-of-contents
 * octets (two zero bytes).
 *
 * The definite form looks like this:
 *
 * The length may take up 1 or more bytes, it depends on the length of the
 * value of the ASN.1 structure. DER encoding requires that if the ASN.1
 * structure has a value that has a length greater than 127, more than 1 byte
 * will be used to store its length, otherwise just one byte will be used.
 * This is strict.
 *
 * In the case that the length of the ASN.1 value is less than 127, 1 octet
 * (byte) is used to store the "short form" length. The 8th bit has a value of
 * 0 indicating the length is "short form" and not "long form" and bits 7-1
 * give the length of the data. (The 8th bit is the left-most, most significant
 * bit: also known as big endian or network format).
 *
 * In the case that the length of the ASN.1 value is greater than 127, 2 to
 * 127 octets (bytes) are used to store the "long form" length. The first
 * byte's 8th bit is set to 1 to indicate the length is "long form." Bits 7-1
 * give the number of additional octets. All following octets are in base 256
 * with the most significant digit first (typical big-endian binary unsigned
 * integer storage). So, for instance, if the length of a value was 257, the
 * first byte would be set to:
 *
 * 10000010 = 130 = 0x82.
 *
 * This indicates there are 2 octets (base 256) for the length. The second and
 * third bytes (the octets just mentioned) would store the length in base 256:
 *
 * octet 2: 00000001 = 1 * 256^1 = 256
 * octet 3: 00000001 = 1 * 256^0 = 1
 * total = 257
 *
 * The algorithm for converting a js integer value of 257 to base-256 is:
 *
 * var value = 257;
 * var bytes = [];
 * bytes[0] = (value >>> 8) & 0xFF; // most significant byte first
 * bytes[1] = value & 0xFF;        // least significant byte last
 *
 * On the ASN.1 UNIVERSAL Object Identifier (OID) type:
 *
 * An OID can be written like: "value1.value2.value3...valueN"
 *
 * The DER encoding rules:
 *
 * The first byte has the value 40 * value1 + value2.
 * The following bytes, if any, encode the remaining values. Each value is
 * encoded in base 128, most significant digit first (big endian), with as
 * few digits as possible, and the most significant bit of each byte set
 * to 1 except the last in each value's encoding. For example: Given the
 * OID "1.2.840.113549", its DER encoding is (remember each byte except the
 * last one in each encoding is OR'd with 0x80):
 *
 * byte 1: 40 * 1 + 2 = 42 = 0x2A.
 * bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 6 72 = 0x0648 = 0x8648
 * bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D
 *
 * The final value is: 0x2A864886F70D.
 * The full OID (including ASN.1 tag and length of 6 bytes) is:
 * 0x06062A864886F70D
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // TODO: Better abstract ASN.1 away from its serialization (DER) and support BER

    /* ASN.1 API */
    var asn1 = forge.asn1 = forge.asn1 || {};

    /**
     * ASN.1 classes.
     */
    asn1.Class = {
      UNIVERSAL: 0x00,
      APPLICATION: 0x40,
      CONTEXT_SPECIFIC: 0x80,
      PRIVATE: 0xC0
    };

    /*
     * ASN.1 types for ASN.1 class UNIVERSAL. Not all types are supported by this
     * implementation, only those necessary to implement a simple PKI are
     * implemented.
     */
    asn1.Type = {
      NONE: 0,
      BOOLEAN: 1,
      INTEGER: 2,
      BITSTRING: 3,
      OCTETSTRING: 4,
      NULL: 5,
      OID: 6,
      ODESC: 7,
      EXTERNAL: 8,
      REAL: 9,
      ENUMERATED: 10,
      EMBEDDED: 11,
      UTF8: 12,
      ROID: 13,
      SEQUENCE: 16,
      SET: 17,
      PRINTABLESTRING: 19,
      IA5STRING: 22,
      UTCTIME: 23,
      GENERALIZEDTIME: 24,
      BMPSTRING: 30
    };

    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * Creates a new asn1 object. The given value must be compatible with the
     * given type.
     *
     * @param tagClass the tag class for the object.
     * @param type the data type (tag number) for the object.
     * @param constructed true if the asn1 object is in constructed form.
     * @param value the value for the object as a JavaScript primitive or
     *          a ByteBuffer, if it is not constructed, otherwise an array of
     *          other asn1 objects.
     *
     * Required value types based on UNIVERSAL asn1.Types:
     *
     * OID: string (in dotted format)
     * BOOLEAN: boolean or ByteBuffer
     * INTEGER: number (if < 32 bit) or ByteBuffer
     * NULL: null
     * UTF8, PRINTABLESTRING, IA5STRING, BMPSTRING: string
     * UTCTIME, GENERALIZEDTIME: Date or string
     *
     * @return the asn1 object.
     */
    asn1.create = function (tagClass, type, constructed, value) {
      /* An asn1 object has a tagClass, a type, a constructed flag, and a
        value. The value's type depends on the constructed flag. If
        constructed, it will contain a list of other asn1 objects. If not,
        it will contain the ASN.1 value in an appropriate native representation
        or as a ByteBuffer containing bytes formatted according to the ASN.1
        data type. */

      // remove undefined values
      var isArray = forge.util.isArray(value);
      if (isArray) {
        var tmp = [];
        for (var i = 0; i < value.length; ++i) {
          if (value[i] !== undefined) {
            tmp.push(value[i]);
          }
        }
        value = tmp;
      } else if (tagClass === asn1.Class.UNIVERSAL) {
        // validate UNIVERSAL value type
        switch (type) {
          case asn1.Type.OID:
            if (typeof value !== 'string') {
              throw new TypeError('value must be a string for type OID.');
            }
            break;
          case asn1.Type.BOOLEAN:
            if (typeof value !== 'boolean' && !(value instanceof ByteBuffer)) {
              throw new TypeError(
                'value must be a boolean or a ByteBuffer for type BOOLEAN.');
            }
            break;
          case asn1.Type.INTEGER:
            if (typeof value !== 'number' && !(value instanceof ByteBuffer)) {
              throw new TypeError(
                'value must be a number or a ByteBuffer for type INTEGER.');
            }
            break;
          case asn1.Type.NULL:
            if (value !== null) {
              throw new TypeError('value must be null for type NULL.');
            }
            break;
          case asn1.Type.UTF8:
            if (typeof value !== 'string') {
              throw new TypeError('value must be a string for type UTF8.');
            }
            break;
          case asn1.Type.PRINTABLESTRING:
            if (typeof value !== 'string') {
              throw new TypeError('value must be a string for type PRINTABLESTRING.');
            }
            break;
          case asn1.Type.IA5STRING:
            if (typeof value !== 'string') {
              throw new TypeError('value must be a string for type IA5STRING.');
            }
            break;
          case asn1.Type.UTCTIME:
            if (typeof value !== 'string' && !(value instanceof Date)) {
              throw new TypeError('value must be a string or Date for type UTCTIME.');
            }
            break;
          case asn1.Type.GENERALIZEDTIME:
            if (typeof value !== 'string' && !(value instanceof Date)) {
              throw new TypeError(
                'value must be a string or Date for type GENERALIZEDTIME.');
            }
            break;
          case asn1.Type.BMPSTRING:
            if (typeof value !== 'string') {
              throw new TypeError('value must be a string for type BMPSTRING.');
            }
            break;
          default:
            if (!(value instanceof ByteBuffer)) {
              throw new TypeError('value must be a ByteBuffer.');
            }
        }
      } else if (!(value instanceof ByteBuffer)) {
        // non-UNIVERSAL values must always be ByteBuffers
        throw new TypeError('value must be a ByteBuffer.');
      }

      return {
        tagClass: tagClass,
        type: type,
        constructed: constructed,
        composed: constructed || isArray,
        value: value
      };
    };

    /*
     * Parses an asn1 object from a ByteBuffer with DER-formatted data.
     *
     * @param der the ByteBuffer to parse from.
     * @param strict true to be strict when checking value lengths, false to
     *          allow truncated values (default: true).
     *
     * @return the parsed asn1 object.
     */
    asn1.fromDer = function (der, strict) {
      if (!(der instanceof ByteBuffer)) {
        throw new TypeError('der must be a ByteBuffer.');
      }

      if (strict === undefined) {
        strict = true;
      }

      // minimum length for ASN.1 DER structure is 2
      if (der.length() < 2) {
        var error = new Error('Too few bytes to parse DER.');
        error.bytes = der.length();
        throw error;
      }

      // get the first byte
      var b1 = der.getByte();

      // get the tag class
      var tagClass = (b1 & 0xC0);

      // get the type (bits 1-5)
      var type = b1 & 0x1F;

      // get the value length
      var length = _getValueLength(der);

      // ensure there are enough bytes to get the value
      if (der.length() < length) {
        if (strict) {
          var error = new Error('Too few bytes to read ASN.1 value.');
          error.detail = der.length() + ' < ' + length;
          throw error;
        }
        // Note: be lenient with truncated values
        length = der.length();
      }

      // prepare to get value
      var value;

      // constructed flag is bit 6 (32 = 0x20) of the first byte
      var constructed = ((b1 & 0x20) === 0x20);

      // determine if the value is composed of other ASN.1 objects (if its
      // constructed it will be and if its a BITSTRING it may be)
      var composed = constructed;
      if (!composed && tagClass === asn1.Class.UNIVERSAL &&
        type === asn1.Type.BITSTRING && length > 1) {
        /* The first octet gives the number of bits by which the length of the
          bit string is less than the next multiple of eight (this is called
          the "number of unused bits").
    
          The second and following octets give the value of the bit string
          converted to an octet string. */
        // if there are no unused bits, maybe the bitstring holds ASN.1 objs
        var read = der.read;
        var unused = der.getByte();
        if (unused === 0) {
          // if the first byte indicates UNIVERSAL or CONTEXT_SPECIFIC,
          // and the length is valid, assume we've got an ASN.1 object
          b1 = der.getByte();
          var tc = (b1 & 0xC0);
          if (tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC) {
            try {
              var len = _getValueLength(der);
              composed = (len === length - (der.read - read));
              if (composed) {
                // adjust read/length to account for unused bits byte
                ++read;
                --length;
              }
            } catch (ex) { }
          }
        }
        // restore read pointer
        der.read = read;
      }

      if (composed) {
        // parse child asn1 objects from the value
        value = [];
        if (length === undefined) {
          // asn1 object of indefinite length, read until end tag
          for (; ;) {
            if (der.bytes(2) === String.fromCharCode(0, 0)) {
              der.getBytes(2);
              break;
            }
            value.push(asn1.fromDer(der, strict));
          }
        } else {
          // parsing asn1 object of definite length
          var start = der.length();
          while (length > 0) {
            value.push(asn1.fromDer(der, strict));
            length -= start - der.length();
            start = der.length();
          }
        }
      } else {
        // asn1 not composed, get raw value
        if (length === undefined) {
          if (strict) {
            throw new Error('Non-constructed ASN.1 object of indefinite length.');
          }
          // be lenient and use remaining bytes
          length = der.length();
        }

        value = new ByteBuffer();
        value.putBytes(der.getBytes(length));
        value = asn1.derToNative(value, tagClass, type);
      }

      // create and return asn1 object
      return asn1.create(tagClass, type, constructed, value);
    };

    /*
     * Converts the given asn1 object to a ByteBuffer with DER-formatted data.
     *
     * @param asn1 the asn1 object to DER-encode.
     *
     * @return the ByteBuffer.
     */
    asn1.toDer = function (obj) {
      var der = new ByteBuffer();

      // build the first byte
      var b1 = obj.tagClass | obj.type;

      // for storing the ASN.1 value
      var value = new ByteBuffer();

      // if composed, use each child asn1 object's DER bytes as value
      if (obj.composed) {
        // turn on 6th bit (0x20 = 32) to indicate asn1 is constructed
        // from other asn1 objects
        if (obj.constructed) {
          b1 |= 0x20;
        } else {
          // type is a bit string, add unused bits of 0x00
          value.putByte(0x00);
        }

        // add all of the child DER bytes together
        for (var i = 0; i < obj.value.length; ++i) {
          if (obj.value[i] !== undefined) {
            value.putBuffer(asn1.toDer(obj.value[i]));
          }
        }
      } else {
        // convert non-composed from native representation
        value.putBuffer(asn1.nativeToDer(obj.value, obj.tagClass, obj.type));
      }

      // add tag byte
      der.putByte(b1);

      // use "short form" encoding
      if (value.length() <= 127) {
        // one byte describes the length
        // bit 8 = 0 and bits 7-1 = length
        der.putByte(value.length() & 0x7F);
      } else {
        // use "long form" encoding
        // 2 to 127 bytes describe the length
        // first byte: bit 8 = 1 and bits 7-1 = # of additional bytes
        // other bytes: length in base 256, big-endian
        // FIXME: use ByteBuffer for lenBytes
        var len = value.length();
        var lenBytes = '';
        do {
          lenBytes += String.fromCharCode(len & 0xFF);
          len = len >>> 8;
        } while (len > 0);

        // set first byte to # bytes used to store the length and turn on
        // bit 8 to indicate long-form length is used
        der.putByte(lenBytes.length | 0x80);

        // concatenate length bytes in reverse since they were generated
        // little endian and we need big endian
        for (var i = lenBytes.length - 1; i >= 0; --i) {
          der.putByte(lenBytes.charCodeAt(i));
        }
      }

      // concatenate value bytes
      return der.putBuffer(value);
    };

    /*
     * Converts the given asn1 value to a native representation based on
     * the given class and type. If no conversion can be performed, the value is
     * returned as-is, namely, as a ByteBuffer.
     *
     * Conversions for UNIVERSAL asn1.Types:
     *
     * OID => string (in dotted format)
     * BOOLEAN => ByteBuffer (not converted to avoid losing non-zero value)
     * INTEGER => number or ByteBuffer if > 32 bit
     * NULL => null
     * UTF8, PRINTABLESTRING, IA5STRING, BMPSTRING => string
     * UTCTIME, GENERALIZEDTIME => string (not converted to Date to preserve format)
     *
     * @param der the ByteBuffer with DER-encoded bytes.
     * @param type the ASN.1 type to convert to a native form.
     *
     * @return the native representation or a ByteBuffer.
     */
    asn1.derToNative = function (der, tagClass, type) {
      if (tagClass !== asn1.Class.UNIVERSAL) {
        return der;
      }

      switch (type) {
        case asn1.Type.OID:
          return asn1.derToOid(der);
        case asn1.Type.BOOLEAN:
          /* Don't convert to boolean because non-zero value is lost */
          break;
        case asn1.Type.INTEGER:
          try {
            return asn1.derToInteger(der);
          } catch (e) {
            return der;
          }
          break;
        case asn1.Type.NULL:
          return null;
        case asn1.Type.UTF8:
          return der.toString('utf8');
        case asn1.Type.PRINTABLESTRING:
        case asn1.Type.IA5STRING:
        /* Don't convert to Date object because format information is lost */
        case asn1.Type.UTCTIME:
        case asn1.Type.GENERALIZEDTIME:
          return der.toString('binary');
        case asn1.Type.BMPSTRING:
          var value = '';
          var bmp = der.copy();
          while (bmp.length() > 0) {
            value += String.fromCharCode(bmp.getInt16());
          }
          return value;
      }
      return der;
    };

    /*
     * Converts the given native representation of a value to a DER-encoded
     * ByteBuffer based on the given ASN.1 type.
     *
     * Valid conversions for UNIVERSAL asn1.Types:
     *
     * string (in dotted format) (OID)
     * boolean or ByteBuffer (BOOLEAN)
     * number or ByteBuffer (INTEGER)
     * null (NULL)
     * string (UTF8, PRINTABLESTRING, IA5STRING, BMPSTRING)
     * string or Date (UTCTIME, GENERALIZEDTIME)
     *
     * @param value the native value to convert.
     * @param type the ASN.1 type to use to convert.
     *
     * @return the ByteBuffer.
     */
    asn1.nativeToDer = function (value, tagClass, type) {
      if (tagClass !== asn1.Class.UNIVERSAL) {
        if (value instanceof ByteBuffer) {
          return value.copy();
        }
        throw new Error(
          'Could not convert native value to DER-encoded ByteBuffer; ' +
          'native type: "' + typeof value + '", ASN.1 class: "' + tagClass +
          '", ASN.1 type: "' + type + '".');
      }

      switch (type) {
        case asn1.Type.OID:
          if (typeof value !== 'string') {
            throw new TypeError('value must be a string for type OID.');
          }
          return asn1.oidToDer(value);
        case asn1.Type.BOOLEAN:
          if (typeof value !== 'boolean' && !(value instanceof ByteBuffer)) {
            throw new TypeError(
              'value must be a boolean or a ByteBuffer for type BOOLEAN.');
          }
          if (value instanceof ByteBuffer) {
            return value.copy();
          } else {
            return asn1.booleanToDer(value);
          }
          break;
        case asn1.Type.INTEGER:
          if (typeof value !== 'number' && !(value instanceof ByteBuffer)) {
            throw new TypeError(
              'value must be a number or a ByteBuffer for type INTEGER.');
          }
          if (value instanceof ByteBuffer) {
            return value.copy();
          } else {
            return asn1.integerToDer(value);
          }
          break;
        case asn1.Type.NULL:
          if (value !== null) {
            throw new TypeError('value must be null for type NULL.');
          }
          // return empty buffer
          return new ByteBuffer();
        case asn1.Type.UTF8:
          if (typeof value !== 'string') {
            throw new TypeError('value must be a string for type UTF8.');
          }
          return new ByteBuffer(value, 'utf8');
        case asn1.Type.PRINTABLESTRING:
          if (typeof value !== 'string') {
            throw new TypeError('value must be a string for type PRINTABLESTRING.');
          }
        /* falls through */
        case asn1.Type.IA5STRING:
          if (typeof value !== 'string') {
            throw new TypeError('value must be a string for type IA5STRING.');
          }
          return new ByteBuffer(value, 'binary');
        case asn1.Type.UTCTIME:
          if (typeof value !== 'string' && !(value instanceof Date)) {
            throw new TypeError('value must be a string or Date for type UTCTIME.');
          }
          return asn1.utcTimeToDer(value);
        case asn1.Type.GENERALIZEDTIME:
          if (typeof value !== 'string' && !(value instanceof Date)) {
            throw new TypeError(
              'value must be a string or Date for type GENERALIZEDTIME.');
          }
          return asn1.generalizedTimeToDer(value);
        case asn1.Type.BMPSTRING:
          if (typeof value !== 'string') {
            throw new TypeError('value must be a string for type BMPSTRING.');
          }
          return asn1.bmpStringToDer(value);
        default:
          if (value instanceof ByteBuffer) {
            return value.copy();
          }
          throw new Error(
            'Could not convert native value to DER-encoded ByteBuffer; ' +
            'native type: "' + typeof value + '", ASN.1 class: "' + tagClass +
            '", ASN.1 type: "' + type + '".');
      }
    };

    /*
     * Converts an OID dot-separated string to a ByteBuffer. The ByteBuffer
     * contains only the DER-encoded value, not any tag or length bytes.
     *
     * @param oid the OID dot-separated string.
     *
     * @return the ByteBuffer.
     */
    asn1.oidToDer = function (oid) {
      if (typeof oid !== 'string') {
        throw new TypeError('oid must be a string.');
      }

      // split OID into individual values
      var values = oid.split('.');
      var der = new ByteBuffer();

      // first byte is 40 * value1 + value2
      der.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10));
      // other bytes are each value in base 128 with 8th bit set except for
      // the last byte for each value
      var last, valueBytes, value, b;
      for (var i = 2; i < values.length; ++i) {
        // produce value bytes in reverse because we don't know how many
        // bytes it will take to store the value
        last = true;
        valueBytes = [];
        value = parseInt(values[i], 10);
        do {
          b = value & 0x7F;
          value = value >>> 7;
          // if value is not last, then turn on 8th bit
          if (!last) {
            b |= 0x80;
          }
          valueBytes.push(b);
          last = false;
        } while (value > 0);

        // add value bytes in reverse (needs to be in big endian)
        for (var n = valueBytes.length - 1; n >= 0; --n) {
          der.putByte(valueBytes[n]);
        }
      }

      return der;
    };

    /*
     * Converts a DER-encoded ByteBuffer to an OID dot-separated string. The
     * ByteBuffer should contain only the DER-encoded value, not any tag or
     * length bytes.
     *
     * @param der the ByteBuffer.
     *
     * @return the OID dot-separated string.
     */
    asn1.derToOid = function (der) {
      if (!(der instanceof ByteBuffer)) {
        throw new TypeError('der must be a ByteBuffer.');
      }

      var oid;
      der = der.copy();

      // first byte is 40 * value1 + value2
      var b = der.getByte();
      oid = Math.floor(b / 40) + '.' + (b % 40);

      // other bytes are each value in base 128 with 8th bit set except for
      // the last byte for each value
      var value = 0;
      while (der.length() > 0) {
        b = der.getByte();
        value = value << 7;
        // not the last byte for the value
        if (b & 0x80) {
          value += b & 0x7F;
        } else {
          // last byte
          oid += '.' + (value + b);
          value = 0;
        }
      }

      return oid;
    };

    /*
     * Converts a UTCTime value to a date.
     *
     * @param utc the UTCTime value (string or ByteBuffer) to convert.
     *
     * @return the date.
     */
    asn1.utcTimeToDate = function (utc) {
      if (typeof utc !== 'string' && !(utc instanceof ByteBuffer)) {
        throw new TypeError('utc must be a string or ByteBuffer.');
      }

      /* The following formats can be used:
    
        YYMMDDhhmmZ
        YYMMDDhhmm+hh'mm'
        YYMMDDhhmm-hh'mm'
        YYMMDDhhmmssZ
        YYMMDDhhmmss+hh'mm'
        YYMMDDhhmmss-hh'mm'
    
        Where:
    
        YY is the least significant two digits of the year
        MM is the month (01 to 12)
        DD is the day (01 to 31)
        hh is the hour (00 to 23)
        mm are the minutes (00 to 59)
        ss are the seconds (00 to 59)
        Z indicates that local time is GMT, + indicates that local time is
        later than GMT, and - indicates that local time is earlier than GMT
        hh' is the absolute value of the offset from GMT in hours
        mm' is the absolute value of the offset from GMT in minutes */
      var date = new Date();
      if (utc instanceof ByteBuffer) {
        utc = utc.toString('binary');
      }

      // if YY >= 50 use 19xx, if YY < 50 use 20xx
      var year = parseInt(utc.substr(0, 2), 10);
      year = (year >= 50) ? 1900 + year : 2000 + year;
      var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month
      var DD = parseInt(utc.substr(4, 2), 10);
      var hh = parseInt(utc.substr(6, 2), 10);
      var mm = parseInt(utc.substr(8, 2), 10);
      var ss = 0;
      var end;
      var c;

      // not just YYMMDDhhmmZ
      if (utc.length > 11) {
        // get character after minutes
        c = utc.charAt(10);
        end = 10;

        // see if seconds are present
        if (c !== '+' && c !== '-') {
          // get seconds
          ss = parseInt(utc.substr(10, 2), 10);
          end += 2;
        }
      }

      // update date
      date.setUTCFullYear(year, MM, DD);
      date.setUTCHours(hh, mm, ss, 0);

      if (end) {
        // get +/- after end of time
        c = utc.charAt(end);
        if (c === '+' || c === '-') {
          // get hours+minutes offset
          var hhoffset = parseInt(utc.substr(end + 1, 2), 10);
          var mmoffset = parseInt(utc.substr(end + 4, 2), 10);

          // calculate offset in milliseconds
          var offset = hhoffset * 60 + mmoffset;
          offset *= 60000;

          // apply offset
          if (c === '+') {
            date.setTime(+date - offset);
          } else {
            date.setTime(+date + offset);
          }
        }
      }

      return date;
    };

    /*
     * Converts a GeneralizedTime value to a date.
     *
     * @param gentime the GeneralizedTime value (string or ByteBuffer) to convert.
     *
     * @return the date.
     */
    asn1.generalizedTimeToDate = function (gentime) {
      if (typeof gentime !== 'string' && !(gentime instanceof ByteBuffer)) {
        throw new TypeError('generalized time must be a string or ByteBuffer.');
      }

      /* The following formats can be used:
    
        YYYYMMDDHHMMSS
        YYYYMMDDHHMMSS.fff
        YYYYMMDDHHMMSSZ
        YYYYMMDDHHMMSS.fffZ
        YYYYMMDDHHMMSS+hh'mm'
        YYYYMMDDHHMMSS.fff+hh'mm'
        YYYYMMDDHHMMSS-hh'mm'
        YYYYMMDDHHMMSS.fff-hh'mm'
    
        Where:
    
        YYYY is the year
        MM is the month (01 to 12)
        DD is the day (01 to 31)
        hh is the hour (00 to 23)
        mm are the minutes (00 to 59)
        ss are the seconds (00 to 59)
        .fff is the second fraction, accurate to three decimal places
        Z indicates that local time is GMT, + indicates that local time is
        later than GMT, and - indicates that local time is earlier than GMT
        hh' is the absolute value of the offset from GMT in hours
        mm' is the absolute value of the offset from GMT in minutes */
      var date = new Date();
      if (gentime instanceof ByteBuffer) {
        gentime = gentime.toString('binary');
      }

      var YYYY = parseInt(gentime.substr(0, 4), 10);
      var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month
      var DD = parseInt(gentime.substr(6, 2), 10);
      var hh = parseInt(gentime.substr(8, 2), 10);
      var mm = parseInt(gentime.substr(10, 2), 10);
      var ss = parseInt(gentime.substr(12, 2), 10);
      var fff = 0;
      var offset = 0;
      var isUTC = false;

      if (gentime.charAt(gentime.length - 1) === 'Z') {
        isUTC = true;
      }

      var end = gentime.length - 5;
      var c = gentime.charAt(end);
      if (c === '+' || c === '-') {
        // get hours+minutes offset
        var hhoffset = parseInt(gentime.substr(end + 1, 2), 10);
        var mmoffset = parseInt(gentime.substr(end + 4, 2), 10);

        // calculate offset in milliseconds
        offset = hhoffset * 60 + mmoffset;
        offset *= 60000;

        // apply offset
        if (c === '+') {
          offset *= -1;
        }

        isUTC = true;
      }

      // check for second fraction
      if (gentime.charAt(14) === '.') {
        fff = parseFloat(gentime.substr(14), 10) * 1000;
      }

      if (isUTC) {
        date.setUTCFullYear(YYYY, MM, DD);
        date.setUTCHours(hh, mm, ss, fff);

        // apply offset
        date.setTime(+date + offset);
      } else {
        date.setFullYear(YYYY, MM, DD);
        date.setHours(hh, mm, ss, fff);
      }

      return date;
    };

    /*
     * Converts a date to a UTCTime value.
     *
     * @param date the date to convert.
     *
     * @return the UTCTime value as a string.
     */
    asn1.dateToUtcTime = function (date) {
      // FIXME: assumes proper format
      if (typeof date === 'string') {
        return date;
      }

      var rval = '';

      // create format YYMMDDhhmmssZ
      var format = [];
      format.push(('' + date.getUTCFullYear()).substr(2));
      format.push('' + (date.getUTCMonth() + 1));
      format.push('' + date.getUTCDate());
      format.push('' + date.getUTCHours());
      format.push('' + date.getUTCMinutes());
      format.push('' + date.getUTCSeconds());

      // ensure 2 digits are used for each format entry
      for (var i = 0; i < format.length; ++i) {
        if (format[i].length < 2) {
          rval += '0';
        }
        rval += format[i];
      }
      rval += 'Z';

      return rval;
    };

    /*
     * Converts a date to a GeneralizedTime value.
     *
     * @param date the date to convert.
     *
     * @return the GeneralizedTime value as a string.
     */
    asn1.dateToGeneralizedTime = function (date) {
      // FIXME: assumes proper format
      if (typeof date === 'string') {
        return date;
      }

      var rval = '';

      // create format YYYYMMDDHHMMSSZ
      var format = [];
      format.push(('' + date.getUTCFullYear()).substr(2));
      format.push('' + (date.getUTCMonth() + 1));
      format.push('' + date.getUTCDate());
      format.push('' + date.getUTCHours());
      format.push('' + date.getUTCMinutes());
      format.push('' + date.getUTCSeconds());

      // ensure 2 digits are used for each format entry
      for (var i = 0; i < format.length; ++i) {
        if (format[i].length < 2) {
          rval += '0';
        }
        rval += format[i];
      }
      rval += 'Z';

      return rval;
    };

    /*
     * Converts a date to a DER-encoded UTCTime value.
     *
     * @param date the date to convert.
     *
     * @return the UTCTime value as a ByteBuffer.
     */
    asn1.utcTimeToDer = function (date) {
      return new ByteBuffer(asn1.dateToUtcTime(date), 'binary');
    };

    /*
     * Converts a date to a DER-encoded GeneralizedTime value.
     *
     * @param date the date to convert.
     *
     * @return the GeneralizedTime value as a ByteBuffer.
     */
    asn1.generalizedTimeToDer = function (date) {
      return new ByteBuffer(asn1.dateToGeneralizedTime(date), 'binary');
    };

    /*
     * Converts a JavaScript boolean to a DER-encoded ByteBuffer to be used
     * as the value for an BOOLEAN type.
     *
     * @param x the boolean.
     *
     * @return the ByteBuffer.
     */
    asn1.booleanToDer = function (x) {
      // assume already in DER format
      if (x instanceof ByteBuffer) {
        return x.copy();
      }

      var rval = new ByteBuffer();
      if (x) {
        rval.putByte(0xFF);
      } else {
        rval.putByte(0x00);
      }
      return rval;
    };

    /*
     * Converts a DER-encoded ByteBuffer to a JavaScript boolean. This is
     * typically used to decode the value of an BOOLEAN type.
     *
     * @param der the ByteBuffer.
     *
     * @return the boolean.
     */
    asn1.derToBoolean = function (der) {
      if (!(der instanceof ByteBuffer)) {
        throw new TypeError('der must be a ByteBuffer.');
      }
      return der.at(0) !== 0x00;
    };

    /*
     * Converts a JavaScript integer to a DER-encoded ByteBuffer to be used
     * as the value for an INTEGER type.
     *
     * @param x the integer.
     *
     * @return the ByteBuffer.
     */
    asn1.integerToDer = function (x) {
      // assume already in DER format
      if (x instanceof ByteBuffer) {
        return x.copy();
      }

      var rval = new ByteBuffer();
      if (x >= -0x80 && x < 0x80) {
        return rval.putSignedInt(x, 8);
      }
      if (x >= -0x8000 && x < 0x8000) {
        return rval.putSignedInt(x, 16);
      }
      if (x >= -0x800000 && x < 0x800000) {
        return rval.putSignedInt(x, 24);
      }
      if (x >= -0x80000000 && x < 0x80000000) {
        return rval.putSignedInt(x, 32);
      }
      var error = new Error('Integer too large; max is 32-bits.');
      error.integer = x;
      throw error;
    };

    /*
     * Converts a DER-encoded ByteBuffer to a JavaScript integer. This is
     * typically used to decode the value of an INTEGER type.
     *
     * @param der the ByteBuffer.
     *
     * @return the integer.
     */
    asn1.derToInteger = function (der) {
      if (!(der instanceof ByteBuffer)) {
        throw new TypeError('der must be a ByteBuffer.');
      }

      der = der.copy();
      var n = der.length() * 8;
      if (n > 32) {
        throw new Error('Integer too large; max is 32-bits.');
      }
      return der.getSignedInt(n);
    };

    /*
     * Converts a BMPSTRING string to a ByteBuffer.
     *
     * @param value the BMPSTRING string.
     *
     * @return the ByteBuffer.
     */
    asn1.bmpStringToDer = function (value) {
      if (typeof value !== 'string') {
        throw new TypeError('value must be a string.');
      }
      var rval = new ByteBuffer();
      for (var i = 0; i < value.length; ++i) {
        rval.putInt16(value.charCodeAt(i));
      }
      return rval;
    };

    /*
     * Converts a DER-encoded ByteBuffer to a BMPSTRING string. The
     * ByteBuffer should contain only the DER-encoded value, not any tag or
     * length bytes.
     *
     * @param der the ByteBuffer.
     *
     * @return the BMPSTRING string.
     */
    asn1.derToBmpString = function (der) {
      if (!(der instanceof ByteBuffer)) {
        throw new TypeError('der must be a ByteBuffer.');
      }
      var value = '';
      der = der.copy();
      while (der.length() > 0) {
        value += String.fromCharCode(der.getInt16());
      }
      return value;
    };

    /*
     * Validates the that given ASN.1 object is at least a super set of the
     * given ASN.1 structure. Only tag classes and types are checked. An
     * optional map may also be provided to capture ASN.1 values while the
     * structure is checked.
     *
     * To capture an ASN.1 value, set an object in the validator's capture
     * parameter to the key to use in the capture map. For example:
     *
     * {capture: 'foo'} will cause captureMap.foo to reference the ASN.1 value.
     *
     * To capture an auto-formatted ASN.1 value, set an object in the validator's
     * 'capture' to an object with the key 'name' referring to the name to use
     * in the capture map and the key 'format' referring to the type of format
     * to use. Valid formats are:
     *
     * asn1, boolean, number, hex, buffer, date
     *
     * Unknown formats will be ignored.
     *
     * The format 'asn1' will cause the full ASN.1 object to be captured. For
     * example:
     *
     * {capture: {name: 'foo', format: 'asn1'}} will cause captureMap.foo to
     *   be the full ASN.1 object.
     *
     * If the ASN.1 type is BOOLEAN the format 'boolean' will cause
     * a BOOLEAN value to be represented with a native boolean.
     *
     * If the ASN.1 type is INTEGER, the format 'number' will cause
     * an INTEGER value to be represented with a native number unless it is
     * greater than 32 bits in which case the validator will fail. The format
     * 'hex' will cause INTEGERs to be captured in hex. The format 'buffer' will
     * cause the INTEGER value to remain as a DER-encoded buffer.
     *
     * If the ASN.1 type is BITSTRING, the value may be auto-interpreted as a
     * composed ASN.1 structure. To avoid this in the captured value, a format
     * of 'buffer' maybe specified. This will ensure that a ByteBuffer containing
     * the BITSTRING is captured instead of an assumed ASN.1 value.
     *
     * If the ASN.1 type is a UTCTIME or GENERALIZEDTIME, then a format of 'date'
     * will cause the captured value to be a Date object.
     *
     * ASN.1 values that are ByteBuffers will be copied to allow their contents
     * to be manipulated without affecting the original ASN.1 object. This copy
     * can be avoided by capturing the entire ASN.1 object via format: 'asn1'.
     *
     * Objects in the validator may set a field 'optional' to true to indicate that
     * it isn't necessary to pass validation.
     *
     * @param obj the ASN.1 object to validate.
     * @param v the ASN.1 structure validator.
     * @param capture an optional map to capture values in.
     * @param errors an optional array for storing validation errors.
     *
     * @return true on success, false on failure.
     */
    asn1.validate = function (obj, v, capture, errors) {
      var rval = false;

      // ensure tag class and type are the same if specified
      if ((obj.tagClass === v.tagClass || typeof (v.tagClass) === 'undefined') &&
        (obj.type === v.type || typeof (v.type) === 'undefined')) {
        // ensure constructed flag is the same if specified
        if (obj.constructed === v.constructed ||
          typeof (v.constructed) === 'undefined') {
          rval = true;

          // handle sub values
          if (v.value && forge.util.isArray(v.value)) {
            var j = 0;
            for (var i = 0; rval && i < v.value.length; ++i) {
              rval = v.value[i].optional || false;
              if (obj.value[j]) {
                rval = asn1.validate(obj.value[j], v.value[i], capture, errors);
                if (rval) {
                  ++j;
                } else if (v.value[i].optional) {
                  rval = true;
                }
              }
              if (!rval && errors) {
                errors.push(
                  '[' + v.name + '] ' +
                  'Tag class "' + v.tagClass + '", type "' +
                  v.type + '" expected value length "' +
                  v.value.length + '", got "' +
                  obj.value.length + '"');
              }
            }
          }

          if (rval && capture) {
            if (v.capture) {
              var captures = (forge.util.isArray(v.capture) ?
                v.capture : [v.capture]);
              for (var i = 0; i < captures.length; ++i) {
                var params = captures[i];
                var name;
                var value;
                if (typeof params !== 'object') {
                  name = params;
                } else {
                  // {capture: {name: 'foo', format: 'asn1|number|...'}}
                  name = params.name;

                  if (params.format === 'asn1') {
                    value = obj;
                  } else if (v.type === asn1.Type.BOOLEAN) {
                    value = obj.value;
                    if (params.format === 'boolean') {
                      value = asn1.derToBoolean(value);
                    }
                  } else if (v.type === asn1.Type.INTEGER) {
                    // handle INTEGER formats
                    value = obj.value;
                    if (params.format === 'hex') {
                      if (!(value instanceof ByteBuffer)) {
                        value = asn1.integerToDer(value);
                      }
                      value = value.toString('hex');
                    } else if (params.format === 'number' &&
                      typeof value !== 'number') {
                      errors.push(
                        '[' + v.name + '] ' +
                        'INTEGER too large to convert to native number.');
                    } else if (params.format === 'buffer' &&
                      !(value instanceof ByteBuffer)) {
                      value = asn1.integerToDer(value);
                    }
                  } else if (v.type === asn1.Type.BITSTRING) {
                    // handle BITSTRING formats
                    if (!v.composed) {
                      value = obj.value;
                    } else {
                      value = new ByteBuffer().putByte(0);
                      for (var i = 0; i < obj.value.length; ++i) {
                        value.putBuffer(asn1.toDer(value[i]));
                      }
                    }
                  } else if (v.type === asn1.Type.UTCTIME) {
                    value = asn1.utcTimeToDate(obj.value);
                  } else if (v.type === asn1.Type.GENERALIZEDTIME) {
                    value = asn1.utcTimeToDate(obj.value);
                  }
                }
                if (value === undefined) {
                  if (obj.value instanceof ByteBuffer) {
                    value = obj.value.copy();
                  } else {
                    value = obj.value;
                  }
                }
                capture[name] = value;
              }
            }
          }
        } else if (errors) {
          errors.push(
            '[' + v.name + '] ' +
            'Expected constructed "' + v.constructed + '", got "' +
            obj.constructed + '"');
        }
      } else if (errors) {
        if (obj.tagClass !== v.tagClass) {
          errors.push(
            '[' + v.name + '] ' +
            'Expected tag class "' + v.tagClass + '", got "' +
            obj.tagClass + '"');
        }
        if (obj.type !== v.type) {
          errors.push(
            '[' + v.name + '] ' +
            'Expected type "' + v.type + '", got "' + obj.type + '"');
        }
      }
      return rval;
    };

    // regex for testing for non-latin characters
    var _nonLatinRegex = /[^\\u0000-\\u00ff]/;

    /*
     * Pretty prints an ASN.1 object to a string.
     *
     * @param obj the object to write out.
     * @param level the level in the tree.
     * @param indentation the indentation to use.
     *
     * @return the string.
     */
    asn1.prettyPrint = function (obj, level, indentation) {
      var rval = '';

      // set default level and indentation
      level = level || 0;
      indentation = indentation || 2;

      // start new line for deep levels
      if (level > 0) {
        rval += '\n';
      }

      // create indent
      var indent = '';
      for (var i = 0; i < level * indentation; ++i) {
        indent += ' ';
      }

      // print class:type
      rval += indent + 'Tag: ';
      switch (obj.tagClass) {
        case asn1.Class.UNIVERSAL:
          rval += 'Universal:';
          break;
        case asn1.Class.APPLICATION:
          rval += 'Application:';
          break;
        case asn1.Class.CONTEXT_SPECIFIC:
          rval += 'Context-Specific:';
          break;
        case asn1.Class.PRIVATE:
          rval += 'Private:';
          break;
      }

      if (obj.tagClass === asn1.Class.UNIVERSAL) {
        // only universal type names are known
        rval += asn1.getTypeName(obj.tagClass, obj.type);
        rval += ' (' + obj.type + ')';
      } else {
        rval += obj.type;
      }

      rval += '\n';
      rval += indent + 'Constructed: ' + obj.constructed + '\n';

      if (obj.composed) {
        var subvalues = 0;
        var sub = '';
        for (var i = 0; i < obj.value.length; ++i) {
          if (obj.value[i] !== undefined) {
            subvalues += 1;
            sub += asn1.prettyPrint(obj.value[i], level + 1, indentation);
            if ((i + 1) < obj.value.length) {
              sub += ',';
            }
          }
        }
        rval += indent + 'Sub values: ' + subvalues + sub;
      } else {
        rval += indent + 'Value: ';
        if (obj.tagClass === asn1.Type.UNIVERSAL && obj.type === asn1.Type.OID) {
          rval += obj.value;
          if (forge.pki && forge.pki.oids && obj.value in forge.pki.oids) {
            rval += ' (' + forge.pki.oids[obj.value] + ')';
          }
        } else if (obj.tagClass === asn1.Type.UNIVERSAL &&
          obj.type === asn1.Type.BOOLEAN) {
          if (typeof obj.value === 'boolean') {
            rval += obj.value;
            rval += ' (0x' + asn1.booleanToDer(obj.value).toString('hex') + ')';
          } else {
            rval += '0x' + obj.value.toString('hex');
            rval += ' (' + asn1.derToBoolean(obj.value) + ')';
          }
        } else if (obj.tagClass === asn1.Type.UNIVERSAL &&
          obj.type === asn1.Type.INTEGER) {
          if (typeof obj.value === 'number') {
            rval += obj.value;
          } else {
            rval += '0x' + obj.value.toString('hex');
          }
        } else if (obj.tagClass === asn1.Type.UNIVERSAL &&
          obj.type === asn1.Type.NULL) {
          rval += '[null]';
        } else if (obj.value instanceof ByteBuffer) {
          if (obj.value.length() === 0) {
            rval += '[null]';
          } else {
            var binary = obj.value.toString('binary');
            if (!_nonLatinRegex.test(binary)) {
              rval += '(' + binary + ') ';
            }
            rval += '0x' + obj.value.toString('hex');
          }
        } else {
          rval += obj.value;
        }
      }

      return rval;
    };

    asn1.getTypeName = function (tagClass, type) {
      if (tagClass !== asn1.Class.UNIVERSAL) {
        return 'Unknown';
      }

      // known types
      switch (type) {
        case asn1.Type.NONE:
          return 'None';
        case asn1.Type.BOOLEAN:
          return 'Boolean';
        case asn1.Type.BITSTRING:
          return 'Bit String';
        case asn1.Type.INTEGER:
          return 'Integer';
        case asn1.Type.OCTETSTRING:
          return 'Octet String';
        case asn1.Type.NULL:
          return 'Null';
        case asn1.Type.OID:
          return 'Object Identifier';
        case asn1.Type.ODESC:
          return 'Object Descriptor';
        case asn1.Type.EXTERNAL:
          return 'External or Instance of';
        case asn1.Type.REAL:
          return 'Real';
        case asn1.Type.ENUMERATED:
          return 'Enumerated';
        case asn1.Type.EMBEDDED:
          return 'Embedded PDV';
        case asn1.Type.UTF8:
          return 'UTF8';
        case asn1.Type.ROID:
          return 'Relative Object Identifier';
        case asn1.Type.SEQUENCE:
          return 'Sequence';
        case asn1.Type.SET:
          return 'Set';
        case asn1.Type.PRINTABLESTRING:
          return 'Printable String';
        case asn1.Type.IA5STRING:
          return 'IA5 String';
        case asn1.Type.UTCTIME:
          return 'UTC Time';
        case asn1.Type.GENERALIZEDTIME:
          return 'Generalized Time';
        case asn1.Type.BMPSTRING:
          return 'BMP String';
        default:
          return '' + type;
      }
    };

    /*
     * Gets the length of an ASN.1 value.
     *
     * In case the length is not specified, undefined is returned.
     *
     * @param b the ASN.1 ByteBuffer.
     *
     * @return the length of the ASN.1 value.
     */
    function _getValueLength(b) {
      var b2 = b.getByte();
      if (b2 === 0x80) {
        return undefined;
      }

      // see if the length is "short form" or "long form" (bit 8 set)
      var length;
      var longForm = b2 & 0x80;
      if (!longForm) {
        // length is just the first byte
        length = b2;
      } else {
        // the number of bytes the length is specified in bits 7 through 1
        // and each length byte is in big-endian base-256
        length = b.getInt((b2 & 0x7F) << 3);
      }
      return length;
    }

  } // end module implementation

  return initModule(forge);
})();

/**
 * Object IDs for ASN.1.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2013 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    forge.pki = forge.pki || {};
    var oids = forge.pki.oids = forge.oids = forge.oids || {};

    // algorithm OIDs
    oids['1.2.840.113549.1.1.1'] = 'rsaEncryption';
    oids['rsaEncryption'] = '1.2.840.113549.1.1.1';
    // Note: md2 & md4 not implemented
    //oids['1.2.840.113549.1.1.2'] = 'md2WithRSAEncryption';
    //oids['md2WithRSAEncryption'] = '1.2.840.113549.1.1.2';
    //oids['1.2.840.113549.1.1.3'] = 'md4WithRSAEncryption';
    //oids['md4WithRSAEncryption'] = '1.2.840.113549.1.1.3';
    oids['1.2.840.113549.1.1.4'] = 'md5WithRSAEncryption';
    oids['md5WithRSAEncryption'] = '1.2.840.113549.1.1.4';
    oids['1.2.840.113549.1.1.5'] = 'sha1WithRSAEncryption';
    oids['sha1WithRSAEncryption'] = '1.2.840.113549.1.1.5';
    oids['1.2.840.113549.1.1.7'] = 'RSAES-OAEP';
    oids['RSAES-OAEP'] = '1.2.840.113549.1.1.7';
    oids['1.2.840.113549.1.1.8'] = 'mgf1';
    oids['mgf1'] = '1.2.840.113549.1.1.8';
    oids['1.2.840.113549.1.1.9'] = 'pSpecified';
    oids['pSpecified'] = '1.2.840.113549.1.1.9';
    oids['1.2.840.113549.1.1.10'] = 'RSASSA-PSS';
    oids['RSASSA-PSS'] = '1.2.840.113549.1.1.10';
    oids['1.2.840.113549.1.1.11'] = 'sha256WithRSAEncryption';
    oids['sha256WithRSAEncryption'] = '1.2.840.113549.1.1.11';
    oids['1.2.840.113549.1.1.12'] = 'sha384WithRSAEncryption';
    oids['sha384WithRSAEncryption'] = '1.2.840.113549.1.1.12';
    oids['1.2.840.113549.1.1.13'] = 'sha512WithRSAEncryption';
    oids['sha512WithRSAEncryption'] = '1.2.840.113549.1.1.13';
    oids['1.2.840.113549.1.1.14'] = 'sha224WithRSAEncryption';
    oids['sha224WithRSAEncryption'] = '1.2.840.113549.1.1.14';

    oids['1.3.14.3.2.7'] = 'desCBC';
    oids['desCBC'] = '1.3.14.3.2.7';

    oids['1.3.14.3.2.26'] = 'sha1';
    oids['sha1'] = '1.3.14.3.2.26';
    oids['2.16.840.1.101.3.4.2.1'] = 'sha256';
    oids['sha256'] = '2.16.840.1.101.3.4.2.1';
    oids['2.16.840.1.101.3.4.2.2'] = 'sha384';
    oids['sha384'] = '2.16.840.1.101.3.4.2.2';
    oids['2.16.840.1.101.3.4.2.3'] = 'sha512';
    oids['sha512'] = '2.16.840.1.101.3.4.2.3';
    oids['1.2.840.113549.2.5'] = 'md5';
    oids['md5'] = '1.2.840.113549.2.5';

    // pkcs#7 content types
    oids['1.2.840.113549.1.7.1'] = 'data';
    oids['data'] = '1.2.840.113549.1.7.1';
    oids['1.2.840.113549.1.7.2'] = 'signedData';
    oids['signedData'] = '1.2.840.113549.1.7.2';
    oids['1.2.840.113549.1.7.3'] = 'envelopedData';
    oids['envelopedData'] = '1.2.840.113549.1.7.3';
    oids['1.2.840.113549.1.7.4'] = 'signedAndEnvelopedData';
    oids['signedAndEnvelopedData'] = '1.2.840.113549.1.7.4';
    oids['1.2.840.113549.1.7.5'] = 'digestedData';
    oids['digestedData'] = '1.2.840.113549.1.7.5';
    oids['1.2.840.113549.1.7.6'] = 'encryptedData';
    oids['encryptedData'] = '1.2.840.113549.1.7.6';

    // pkcs#9 oids
    oids['1.2.840.113549.1.9.1'] = 'emailAddress';
    oids['emailAddress'] = '1.2.840.113549.1.9.1';
    oids['1.2.840.113549.1.9.2'] = 'unstructuredName';
    oids['unstructuredName'] = '1.2.840.113549.1.9.2';
    oids['1.2.840.113549.1.9.3'] = 'contentType';
    oids['contentType'] = '1.2.840.113549.1.9.3';
    oids['1.2.840.113549.1.9.4'] = 'messageDigest';
    oids['messageDigest'] = '1.2.840.113549.1.9.4';
    oids['1.2.840.113549.1.9.5'] = 'signingTime';
    oids['signingTime'] = '1.2.840.113549.1.9.5';
    oids['1.2.840.113549.1.9.6'] = 'counterSignature';
    oids['counterSignature'] = '1.2.840.113549.1.9.6';
    oids['1.2.840.113549.1.9.7'] = 'challengePassword';
    oids['challengePassword'] = '1.2.840.113549.1.9.7';
    oids['1.2.840.113549.1.9.8'] = 'unstructuredAddress';
    oids['unstructuredAddress'] = '1.2.840.113549.1.9.8';

    oids['1.2.840.113549.1.9.20'] = 'friendlyName';
    oids['friendlyName'] = '1.2.840.113549.1.9.20';
    oids['1.2.840.113549.1.9.21'] = 'localKeyId';
    oids['localKeyId'] = '1.2.840.113549.1.9.21';
    oids['1.2.840.113549.1.9.22.1'] = 'x509Certificate';
    oids['x509Certificate'] = '1.2.840.113549.1.9.22.1';

    // pkcs#12 safe bags
    oids['1.2.840.113549.1.12.10.1.1'] = 'keyBag';
    oids['keyBag'] = '1.2.840.113549.1.12.10.1.1';
    oids['1.2.840.113549.1.12.10.1.2'] = 'pkcs8ShroudedKeyBag';
    oids['pkcs8ShroudedKeyBag'] = '1.2.840.113549.1.12.10.1.2';
    oids['1.2.840.113549.1.12.10.1.3'] = 'certBag';
    oids['certBag'] = '1.2.840.113549.1.12.10.1.3';
    oids['1.2.840.113549.1.12.10.1.4'] = 'crlBag';
    oids['crlBag'] = '1.2.840.113549.1.12.10.1.4';
    oids['1.2.840.113549.1.12.10.1.5'] = 'secretBag';
    oids['secretBag'] = '1.2.840.113549.1.12.10.1.5';
    oids['1.2.840.113549.1.12.10.1.6'] = 'safeContentsBag';
    oids['safeContentsBag'] = '1.2.840.113549.1.12.10.1.6';

    // password-based-encryption for pkcs#12
    oids['1.2.840.113549.1.5.13'] = 'pkcs5PBES2';
    oids['pkcs5PBES2'] = '1.2.840.113549.1.5.13';
    oids['1.2.840.113549.1.5.12'] = 'pkcs5PBKDF2';
    oids['pkcs5PBKDF2'] = '1.2.840.113549.1.5.12';

    oids['1.2.840.113549.1.12.1.1'] = 'pbeWithSHAAnd128BitRC4';
    oids['pbeWithSHAAnd128BitRC4'] = '1.2.840.113549.1.12.1.1';
    oids['1.2.840.113549.1.12.1.2'] = 'pbeWithSHAAnd40BitRC4';
    oids['pbeWithSHAAnd40BitRC4'] = '1.2.840.113549.1.12.1.2';
    oids['1.2.840.113549.1.12.1.3'] = 'pbeWithSHAAnd3-KeyTripleDES-CBC';
    oids['pbeWithSHAAnd3-KeyTripleDES-CBC'] = '1.2.840.113549.1.12.1.3';
    oids['1.2.840.113549.1.12.1.4'] = 'pbeWithSHAAnd2-KeyTripleDES-CBC';
    oids['pbeWithSHAAnd2-KeyTripleDES-CBC'] = '1.2.840.113549.1.12.1.4';
    oids['1.2.840.113549.1.12.1.5'] = 'pbeWithSHAAnd128BitRC2-CBC';
    oids['pbeWithSHAAnd128BitRC2-CBC'] = '1.2.840.113549.1.12.1.5';
    oids['1.2.840.113549.1.12.1.6'] = 'pbewithSHAAnd40BitRC2-CBC';
    oids['pbewithSHAAnd40BitRC2-CBC'] = '1.2.840.113549.1.12.1.6';

    // symmetric key algorithm oids
    oids['1.2.840.113549.3.7'] = 'des-EDE3-CBC';
    oids['des-EDE3-CBC'] = '1.2.840.113549.3.7';
    oids['2.16.840.1.101.3.4.1.2'] = 'aes128-CBC';
    oids['aes128-CBC'] = '2.16.840.1.101.3.4.1.2';
    oids['2.16.840.1.101.3.4.1.22'] = 'aes192-CBC';
    oids['aes192-CBC'] = '2.16.840.1.101.3.4.1.22';
    oids['2.16.840.1.101.3.4.1.42'] = 'aes256-CBC';
    oids['aes256-CBC'] = '2.16.840.1.101.3.4.1.42';

    // certificate issuer/subject OIDs
    oids['2.5.4.3'] = 'commonName';
    oids['commonName'] = '2.5.4.3';
    oids['2.5.4.5'] = 'serialName';
    oids['serialName'] = '2.5.4.5';
    oids['2.5.4.6'] = 'countryName';
    oids['countryName'] = '2.5.4.6';
    oids['2.5.4.7'] = 'localityName';
    oids['localityName'] = '2.5.4.7';
    oids['2.5.4.8'] = 'stateOrProvinceName';
    oids['stateOrProvinceName'] = '2.5.4.8';
    oids['2.5.4.10'] = 'organizationName';
    oids['organizationName'] = '2.5.4.10';
    oids['2.5.4.11'] = 'organizationalUnitName';
    oids['organizationalUnitName'] = '2.5.4.11';

    // X.509 extension OIDs
    oids['2.16.840.1.113730.1.1'] = 'nsCertType';
    oids['nsCertType'] = '2.16.840.1.113730.1.1';
    oids['2.5.29.1'] = 'authorityKeyIdentifier'; // deprecated, use .35
    oids['2.5.29.2'] = 'keyAttributes'; // obsolete use .37 or .15
    oids['2.5.29.3'] = 'certificatePolicies'; // deprecated, use .32
    oids['2.5.29.4'] = 'keyUsageRestriction'; // obsolete use .37 or .15
    oids['2.5.29.5'] = 'policyMapping'; // deprecated use .33
    oids['2.5.29.6'] = 'subtreesConstraint'; // obsolete use .30
    oids['2.5.29.7'] = 'subjectAltName'; // deprecated use .17
    oids['2.5.29.8'] = 'issuerAltName'; // deprecated use .18
    oids['2.5.29.9'] = 'subjectDirectoryAttributes';
    oids['2.5.29.10'] = 'basicConstraints'; // deprecated use .19
    oids['2.5.29.11'] = 'nameConstraints'; // deprecated use .30
    oids['2.5.29.12'] = 'policyConstraints'; // deprecated use .36
    oids['2.5.29.13'] = 'basicConstraints'; // deprecated use .19
    oids['2.5.29.14'] = 'subjectKeyIdentifier';
    oids['subjectKeyIdentifier'] = '2.5.29.14';
    oids['2.5.29.15'] = 'keyUsage';
    oids['keyUsage'] = '2.5.29.15';
    oids['2.5.29.16'] = 'privateKeyUsagePeriod';
    oids['2.5.29.17'] = 'subjectAltName';
    oids['subjectAltName'] = '2.5.29.17';
    oids['2.5.29.18'] = 'issuerAltName';
    oids['issuerAltName'] = '2.5.29.18';
    oids['2.5.29.19'] = 'basicConstraints';
    oids['basicConstraints'] = '2.5.29.19';
    oids['2.5.29.20'] = 'cRLNumber';
    oids['2.5.29.21'] = 'cRLReason';
    oids['2.5.29.22'] = 'expirationDate';
    oids['2.5.29.23'] = 'instructionCode';
    oids['2.5.29.24'] = 'invalidityDate';
    oids['2.5.29.25'] = 'cRLDistributionPoints'; // deprecated use .31
    oids['2.5.29.26'] = 'issuingDistributionPoint'; // deprecated use .28
    oids['2.5.29.27'] = 'deltaCRLIndicator';
    oids['2.5.29.28'] = 'issuingDistributionPoint';
    oids['2.5.29.29'] = 'certificateIssuer';
    oids['2.5.29.30'] = 'nameConstraints';
    oids['2.5.29.31'] = 'cRLDistributionPoints';
    oids['2.5.29.32'] = 'certificatePolicies';
    oids['2.5.29.33'] = 'policyMappings';
    oids['2.5.29.34'] = 'policyConstraints'; // deprecated use .36
    oids['2.5.29.35'] = 'authorityKeyIdentifier';
    oids['2.5.29.36'] = 'policyConstraints';
    oids['2.5.29.37'] = 'extKeyUsage';
    oids['extKeyUsage'] = '2.5.29.37';
    oids['2.5.29.46'] = 'freshestCRL';
    oids['2.5.29.54'] = 'inhibitAnyPolicy';

    // extKeyUsage purposes
    oids['1.3.6.1.5.5.7.3.1'] = 'serverAuth';
    oids['serverAuth'] = '1.3.6.1.5.5.7.3.1';
    oids['1.3.6.1.5.5.7.3.2'] = 'clientAuth';
    oids['clientAuth'] = '1.3.6.1.5.5.7.3.2';
    oids['1.3.6.1.5.5.7.3.3'] = 'codeSigning';
    oids['codeSigning'] = '1.3.6.1.5.5.7.3.3';
    oids['1.3.6.1.5.5.7.3.4'] = 'emailProtection';
    oids['emailProtection'] = '1.3.6.1.5.5.7.3.4';
    oids['1.3.6.1.5.5.7.3.8'] = 'timeStamping';
    oids['timeStamping'] = '1.3.6.1.5.5.7.3.8';

  } // end module implementation

  return initModule(forge);
})();

// Copyright (c) 2005  Tom Wu
// All Rights Reserved.
// See "LICENSE" for details.

// Basic JavaScript BN library - subset useful for RSA encryption.

/*
Licensing (LICENSE)
-------------------

This software is covered under the following copyright:
*/
/*
 * Copyright (c) 2003-2005  Tom Wu
 * All Rights Reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 *
 * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * In addition, the following condition applies:
 *
 * All redistributions must retain an intact copy of this copyright notice
 * and disclaimer.
 */
/*
Address all questions regarding this license to:

  Tom Wu
  tjw@cs.Stanford.EDU
*/

(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // Bits per digit
    var dbits;

    // JavaScript engine analysis
    var canary = 0xdeadbeefcafe;
    var j_lm = ((canary & 0xffffff) == 0xefcafe);

    // (public) Constructor
    function BigInteger(a, b, c) {
      this.data = [];
      if (a != null)
        if ("number" == typeof a) this.fromNumber(a, b, c);
        else if (b == null && "string" != typeof a) this.fromString(a, 256);
        else this.fromString(a, b);
    }

    // return new, unset BigInteger
    function nbi() { return new BigInteger(null); }

    // am: Compute w_j += (x*this_i), propagate carries,
    // c is initial carry, returns final carry.
    // c < 3*dvalue, x < 2*dvalue, this_i < dvalue
    // We need to select the fastest one that works in this environment.

    // am1: use a single mult and divide to get the high bits,
    // max digit bits should be 26 because
    // max internal value = 2*dvalue^2-2*dvalue (< 2^53)
    function am1(i, x, w, j, c, n) {
      while (--n >= 0) {
        var v = x * this.data[i++] + w.data[j] + c;
        c = Math.floor(v / 0x4000000);
        w.data[j++] = v & 0x3ffffff;
      }
      return c;
    }
    // am2 avoids a big mult-and-extract completely.
    // Max digit bits should be <= 30 because we do bitwise ops
    // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
    function am2(i, x, w, j, c, n) {
      var xl = x & 0x7fff, xh = x >> 15;
      while (--n >= 0) {
        var l = this.data[i] & 0x7fff;
        var h = this.data[i++] >> 15;
        var m = xh * l + h * xl;
        l = xl * l + ((m & 0x7fff) << 15) + w.data[j] + (c & 0x3fffffff);
        c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30);
        w.data[j++] = l & 0x3fffffff;
      }
      return c;
    }
    // Alternately, set max digit bits to 28 since some
    // browsers slow down when dealing with 32-bit numbers.
    function am3(i, x, w, j, c, n) {
      var xl = x & 0x3fff, xh = x >> 14;
      while (--n >= 0) {
        var l = this.data[i] & 0x3fff;
        var h = this.data[i++] >> 14;
        var m = xh * l + h * xl;
        l = xl * l + ((m & 0x3fff) << 14) + w.data[j] + c;
        c = (l >> 28) + (m >> 14) + xh * h;
        w.data[j++] = l & 0xfffffff;
      }
      return c;
    }

    // node.js (no browser)
    if (typeof (navigator) === 'undefined') {
      BigInteger.prototype.am = am3;
      dbits = 28;
    } else if (j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
      BigInteger.prototype.am = am2;
      dbits = 30;
    } else if (j_lm && (navigator.appName != "Netscape")) {
      BigInteger.prototype.am = am1;
      dbits = 26;
    } else { // Mozilla/Netscape seems to prefer am3
      BigInteger.prototype.am = am3;
      dbits = 28;
    }

    BigInteger.prototype.DB = dbits;
    BigInteger.prototype.DM = ((1 << dbits) - 1);
    BigInteger.prototype.DV = (1 << dbits);

    var BI_FP = 52;
    BigInteger.prototype.FV = Math.pow(2, BI_FP);
    BigInteger.prototype.F1 = BI_FP - dbits;
    BigInteger.prototype.F2 = 2 * dbits - BI_FP;

    // Digit conversions
    var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
    var BI_RC = new Array();
    var rr, vv;
    rr = "0".charCodeAt(0);
    for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
    rr = "a".charCodeAt(0);
    for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
    rr = "A".charCodeAt(0);
    for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;

    function int2char(n) { return BI_RM.charAt(n); }
    function intAt(s, i) {
      var c = BI_RC[s.charCodeAt(i)];
      return (c == null) ? -1 : c;
    }

    // (protected) copy this to r
    function bnpCopyTo(r) {
      for (var i = this.t - 1; i >= 0; --i) r.data[i] = this.data[i];
      r.t = this.t;
      r.s = this.s;
    }

    // (protected) set from integer value x, -DV <= x < DV
    function bnpFromInt(x) {
      this.t = 1;
      this.s = (x < 0) ? -1 : 0;
      if (x > 0) this.data[0] = x;
      else if (x < -1) this.data[0] = x + this.DV;
      else this.t = 0;
    }

    // return bigint initialized to value
    function nbv(i) { var r = nbi(); r.fromInt(i); return r; }

    // (protected) set from string and radix
    function bnpFromString(s, b) {
      var k;
      if (b == 16) k = 4;
      else if (b == 8) k = 3;
      else if (b == 256) k = 8; // byte array
      else if (b == 2) k = 1;
      else if (b == 32) k = 5;
      else if (b == 4) k = 2;
      else { this.fromRadix(s, b); return; }
      this.t = 0;
      this.s = 0;
      var i = s.length, mi = false, sh = 0;
      while (--i >= 0) {
        var x = (k == 8) ? s[i] & 0xff : intAt(s, i);
        if (x < 0) {
          if (s.charAt(i) == "-") mi = true;
          continue;
        }
        mi = false;
        if (sh == 0)
          this.data[this.t++] = x;
        else if (sh + k > this.DB) {
          this.data[this.t - 1] |= (x & ((1 << (this.DB - sh)) - 1)) << sh;
          this.data[this.t++] = (x >> (this.DB - sh));
        } else
          this.data[this.t - 1] |= x << sh;
        sh += k;
        if (sh >= this.DB) sh -= this.DB;
      }
      if (k == 8 && (s[0] & 0x80) != 0) {
        this.s = -1;
        if (sh > 0) this.data[this.t - 1] |= ((1 << (this.DB - sh)) - 1) << sh;
      }
      this.clamp();
      if (mi) BigInteger.ZERO.subTo(this, this);
    }

    // (protected) clamp off excess high words
    function bnpClamp() {
      var c = this.s & this.DM;
      while (this.t > 0 && this.data[this.t - 1] == c) --this.t;
    }

    // (public) return string representation in given radix
    function bnToString(b) {
      if (this.s < 0) return "-" + this.negate().toString(b);
      var k;
      if (b == 16) k = 4;
      else if (b == 8) k = 3;
      else if (b == 2) k = 1;
      else if (b == 32) k = 5;
      else if (b == 4) k = 2;
      else return this.toRadix(b);
      var km = (1 << k) - 1, d, m = false, r = "", i = this.t;
      var p = this.DB - (i * this.DB) % k;
      if (i-- > 0) {
        if (p < this.DB && (d = this.data[i] >> p) > 0) { m = true; r = int2char(d); }
        while (i >= 0) {
          if (p < k) {
            d = (this.data[i] & ((1 << p) - 1)) << (k - p);
            d |= this.data[--i] >> (p += this.DB - k);
          } else {
            d = (this.data[i] >> (p -= k)) & km;
            if (p <= 0) { p += this.DB; --i; }
          }
          if (d > 0) m = true;
          if (m) r += int2char(d);
        }
      }
      return m ? r : "0";
    }

    // (public) -this
    function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this, r); return r; }

    // (public) |this|
    function bnAbs() { return (this.s < 0) ? this.negate() : this; }

    // (public) return + if this > a, - if this < a, 0 if equal
    function bnCompareTo(a) {
      var r = this.s - a.s;
      if (r != 0) return r;
      var i = this.t;
      r = i - a.t;
      if (r != 0) return (this.s < 0) ? -r : r;
      while (--i >= 0) if ((r = this.data[i] - a.data[i]) != 0) return r;
      return 0;
    }

    // returns bit length of the integer x
    function nbits(x) {
      var r = 1, t;
      if ((t = x >>> 16) != 0) { x = t; r += 16; }
      if ((t = x >> 8) != 0) { x = t; r += 8; }
      if ((t = x >> 4) != 0) { x = t; r += 4; }
      if ((t = x >> 2) != 0) { x = t; r += 2; }
      if ((t = x >> 1) != 0) { x = t; r += 1; }
      return r;
    }

    // (public) return the number of bits in "this"
    function bnBitLength() {
      if (this.t <= 0) return 0;
      return this.DB * (this.t - 1) + nbits(this.data[this.t - 1] ^ (this.s & this.DM));
    }

    // (protected) r = this << n*DB
    function bnpDLShiftTo(n, r) {
      var i;
      for (i = this.t - 1; i >= 0; --i) r.data[i + n] = this.data[i];
      for (i = n - 1; i >= 0; --i) r.data[i] = 0;
      r.t = this.t + n;
      r.s = this.s;
    }

    // (protected) r = this >> n*DB
    function bnpDRShiftTo(n, r) {
      for (var i = n; i < this.t; ++i) r.data[i - n] = this.data[i];
      r.t = Math.max(this.t - n, 0);
      r.s = this.s;
    }

    // (protected) r = this << n
    function bnpLShiftTo(n, r) {
      var bs = n % this.DB;
      var cbs = this.DB - bs;
      var bm = (1 << cbs) - 1;
      var ds = Math.floor(n / this.DB), c = (this.s << bs) & this.DM, i;
      for (i = this.t - 1; i >= 0; --i) {
        r.data[i + ds + 1] = (this.data[i] >> cbs) | c;
        c = (this.data[i] & bm) << bs;
      }
      for (i = ds - 1; i >= 0; --i) r.data[i] = 0;
      r.data[ds] = c;
      r.t = this.t + ds + 1;
      r.s = this.s;
      r.clamp();
    }

    // (protected) r = this >> n
    function bnpRShiftTo(n, r) {
      r.s = this.s;
      var ds = Math.floor(n / this.DB);
      if (ds >= this.t) { r.t = 0; return; }
      var bs = n % this.DB;
      var cbs = this.DB - bs;
      var bm = (1 << bs) - 1;
      r.data[0] = this.data[ds] >> bs;
      for (var i = ds + 1; i < this.t; ++i) {
        r.data[i - ds - 1] |= (this.data[i] & bm) << cbs;
        r.data[i - ds] = this.data[i] >> bs;
      }
      if (bs > 0) r.data[this.t - ds - 1] |= (this.s & bm) << cbs;
      r.t = this.t - ds;
      r.clamp();
    }

    // (protected) r = this - a
    function bnpSubTo(a, r) {
      var i = 0, c = 0, m = Math.min(a.t, this.t);
      while (i < m) {
        c += this.data[i] - a.data[i];
        r.data[i++] = c & this.DM;
        c >>= this.DB;
      }
      if (a.t < this.t) {
        c -= a.s;
        while (i < this.t) {
          c += this.data[i];
          r.data[i++] = c & this.DM;
          c >>= this.DB;
        }
        c += this.s;
      } else {
        c += this.s;
        while (i < a.t) {
          c -= a.data[i];
          r.data[i++] = c & this.DM;
          c >>= this.DB;
        }
        c -= a.s;
      }
      r.s = (c < 0) ? -1 : 0;
      if (c < -1) r.data[i++] = this.DV + c;
      else if (c > 0) r.data[i++] = c;
      r.t = i;
      r.clamp();
    }

    // (protected) r = this * a, r != this,a (HAC 14.12)
    // "this" should be the larger one if appropriate.
    function bnpMultiplyTo(a, r) {
      var x = this.abs(), y = a.abs();
      var i = x.t;
      r.t = i + y.t;
      while (--i >= 0) r.data[i] = 0;
      for (i = 0; i < y.t; ++i) r.data[i + x.t] = x.am(0, y.data[i], r, i, 0, x.t);
      r.s = 0;
      r.clamp();
      if (this.s != a.s) BigInteger.ZERO.subTo(r, r);
    }

    // (protected) r = this^2, r != this (HAC 14.16)
    function bnpSquareTo(r) {
      var x = this.abs();
      var i = r.t = 2 * x.t;
      while (--i >= 0) r.data[i] = 0;
      for (i = 0; i < x.t - 1; ++i) {
        var c = x.am(i, x.data[i], r, 2 * i, 0, 1);
        if ((r.data[i + x.t] += x.am(i + 1, 2 * x.data[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) {
          r.data[i + x.t] -= x.DV;
          r.data[i + x.t + 1] = 1;
        }
      }
      if (r.t > 0) r.data[r.t - 1] += x.am(i, x.data[i], r, 2 * i, 0, 1);
      r.s = 0;
      r.clamp();
    }

    // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
    // r != q, this != m.  q or r may be null.
    function bnpDivRemTo(m, q, r) {
      var pm = m.abs();
      if (pm.t <= 0) return;
      var pt = this.abs();
      if (pt.t < pm.t) {
        if (q != null) q.fromInt(0);
        if (r != null) this.copyTo(r);
        return;
      }
      if (r == null) r = nbi();
      var y = nbi(), ts = this.s, ms = m.s;
      var nsh = this.DB - nbits(pm.data[pm.t - 1]);	// normalize modulus
      if (nsh > 0) { pm.lShiftTo(nsh, y); pt.lShiftTo(nsh, r); } else { pm.copyTo(y); pt.copyTo(r); }
      var ys = y.t;
      var y0 = y.data[ys - 1];
      if (y0 == 0) return;
      var yt = y0 * (1 << this.F1) + ((ys > 1) ? y.data[ys - 2] >> this.F2 : 0);
      var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2;
      var i = r.t, j = i - ys, t = (q == null) ? nbi() : q;
      y.dlShiftTo(j, t);
      if (r.compareTo(t) >= 0) {
        r.data[r.t++] = 1;
        r.subTo(t, r);
      }
      BigInteger.ONE.dlShiftTo(ys, t);
      t.subTo(y, y);	// "negative" y so we can replace sub with am later
      while (y.t < ys) y.data[y.t++] = 0;
      while (--j >= 0) {
        // Estimate quotient digit
        var qd = (r.data[--i] == y0) ? this.DM : Math.floor(r.data[i] * d1 + (r.data[i - 1] + e) * d2);
        if ((r.data[i] += y.am(0, qd, r, j, 0, ys)) < qd) {	// Try it out
          y.dlShiftTo(j, t);
          r.subTo(t, r);
          while (r.data[i] < --qd) r.subTo(t, r);
        }
      }
      if (q != null) {
        r.drShiftTo(ys, q);
        if (ts != ms) BigInteger.ZERO.subTo(q, q);
      }
      r.t = ys;
      r.clamp();
      if (nsh > 0) r.rShiftTo(nsh, r);	// Denormalize remainder
      if (ts < 0) BigInteger.ZERO.subTo(r, r);
    }

    // (public) this mod a
    function bnMod(a) {
      var r = nbi();
      this.abs().divRemTo(a, null, r);
      if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r);
      return r;
    }

    // Modular reduction using "classic" algorithm
    function Classic(m) { this.m = m; }
    function cConvert(x) {
      if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
      else return x;
    }
    function cRevert(x) { return x; }
    function cReduce(x) { x.divRemTo(this.m, null, x); }
    function cMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); }
    function cSqrTo(x, r) { x.squareTo(r); this.reduce(r); }

    Classic.prototype.convert = cConvert;
    Classic.prototype.revert = cRevert;
    Classic.prototype.reduce = cReduce;
    Classic.prototype.mulTo = cMulTo;
    Classic.prototype.sqrTo = cSqrTo;

    // (protected) return "-1/this % 2^DB"; useful for Mont. reduction
    // justification:
    //         xy == 1 (mod m)
    //         xy =  1+km
    //   xy(2-xy) = (1+km)(1-km)
    // x[y(2-xy)] = 1-k^2m^2
    // x[y(2-xy)] == 1 (mod m^2)
    // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
    // should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
    // JS multiply "overflows" differently from C/C++, so care is needed here.
    function bnpInvDigit() {
      if (this.t < 1) return 0;
      var x = this.data[0];
      if ((x & 1) == 0) return 0;
      var y = x & 3;		// y == 1/x mod 2^2
      y = (y * (2 - (x & 0xf) * y)) & 0xf;	// y == 1/x mod 2^4
      y = (y * (2 - (x & 0xff) * y)) & 0xff;	// y == 1/x mod 2^8
      y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff;	// y == 1/x mod 2^16
      // last step - calculate inverse mod DV directly;
      // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
      y = (y * (2 - x * y % this.DV)) % this.DV;		// y == 1/x mod 2^dbits
      // we really want the negative inverse, and -DV < y < DV
      return (y > 0) ? this.DV - y : -y;
    }

    // Montgomery reduction
    function Montgomery(m) {
      this.m = m;
      this.mp = m.invDigit();
      this.mpl = this.mp & 0x7fff;
      this.mph = this.mp >> 15;
      this.um = (1 << (m.DB - 15)) - 1;
      this.mt2 = 2 * m.t;
    }

    // xR mod m
    function montConvert(x) {
      var r = nbi();
      x.abs().dlShiftTo(this.m.t, r);
      r.divRemTo(this.m, null, r);
      if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r);
      return r;
    }

    // x/R mod m
    function montRevert(x) {
      var r = nbi();
      x.copyTo(r);
      this.reduce(r);
      return r;
    }

    // x = x/R mod m (HAC 14.32)
    function montReduce(x) {
      while (x.t <= this.mt2)	// pad x so am has enough room later
        x.data[x.t++] = 0;
      for (var i = 0; i < this.m.t; ++i) {
        // faster way of calculating u0 = x.data[i]*mp mod DV
        var j = x.data[i] & 0x7fff;
        var u0 = (j * this.mpl + (((j * this.mph + (x.data[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM;
        // use am to combine the multiply-shift-add into one call
        j = i + this.m.t;
        x.data[j] += this.m.am(0, u0, x, i, 0, this.m.t);
        // propagate carry
        while (x.data[j] >= x.DV) { x.data[j] -= x.DV; x.data[++j]++; }
      }
      x.clamp();
      x.drShiftTo(this.m.t, x);
      if (x.compareTo(this.m) >= 0) x.subTo(this.m, x);
    }

    // r = "x^2/R mod m"; x != r
    function montSqrTo(x, r) { x.squareTo(r); this.reduce(r); }

    // r = "xy/R mod m"; x,y != r
    function montMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); }

    Montgomery.prototype.convert = montConvert;
    Montgomery.prototype.revert = montRevert;
    Montgomery.prototype.reduce = montReduce;
    Montgomery.prototype.mulTo = montMulTo;
    Montgomery.prototype.sqrTo = montSqrTo;

    // (protected) true iff this is even
    function bnpIsEven() { return ((this.t > 0) ? (this.data[0] & 1) : this.s) == 0; }

    // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
    function bnpExp(e, z) {
      if (e > 0xffffffff || e < 1) return BigInteger.ONE;
      var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1;
      g.copyTo(r);
      while (--i >= 0) {
        z.sqrTo(r, r2);
        if ((e & (1 << i)) > 0) z.mulTo(r2, g, r);
        else { var t = r; r = r2; r2 = t; }
      }
      return z.revert(r);
    }

    // (public) this^e % m, 0 <= e < 2^32
    function bnModPowInt(e, m) {
      var z;
      if (e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
      return this.exp(e, z);
    }

    // protected
    BigInteger.prototype.copyTo = bnpCopyTo;
    BigInteger.prototype.fromInt = bnpFromInt;
    BigInteger.prototype.fromString = bnpFromString;
    BigInteger.prototype.clamp = bnpClamp;
    BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
    BigInteger.prototype.drShiftTo = bnpDRShiftTo;
    BigInteger.prototype.lShiftTo = bnpLShiftTo;
    BigInteger.prototype.rShiftTo = bnpRShiftTo;
    BigInteger.prototype.subTo = bnpSubTo;
    BigInteger.prototype.multiplyTo = bnpMultiplyTo;
    BigInteger.prototype.squareTo = bnpSquareTo;
    BigInteger.prototype.divRemTo = bnpDivRemTo;
    BigInteger.prototype.invDigit = bnpInvDigit;
    BigInteger.prototype.isEven = bnpIsEven;
    BigInteger.prototype.exp = bnpExp;

    // public
    BigInteger.prototype.toString = bnToString;
    BigInteger.prototype.negate = bnNegate;
    BigInteger.prototype.abs = bnAbs;
    BigInteger.prototype.compareTo = bnCompareTo;
    BigInteger.prototype.bitLength = bnBitLength;
    BigInteger.prototype.mod = bnMod;
    BigInteger.prototype.modPowInt = bnModPowInt;

    // "constants"
    BigInteger.ZERO = nbv(0);
    BigInteger.ONE = nbv(1);

    // jsbn2 lib

    //Copyright (c) 2005-2009  Tom Wu
    //All Rights Reserved.
    //See "LICENSE" for details (See jsbn.js for LICENSE).

    //Extended JavaScript BN functions, required for RSA private ops.

    //Version 1.1: new BigInteger("0", 10) returns "proper" zero

    //(public)
    function bnClone() { var r = nbi(); this.copyTo(r); return r; }

    //(public) return value as integer
    function bnIntValue() {
      if (this.s < 0) {
        if (this.t == 1) return this.data[0] - this.DV;
        else if (this.t == 0) return -1;
      } else if (this.t == 1) return this.data[0];
      else if (this.t == 0) return 0;
      // assumes 16 < DB < 32
      return ((this.data[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this.data[0];
    }

    //(public) return value as byte
    function bnByteValue() { return (this.t == 0) ? this.s : (this.data[0] << 24) >> 24; }

    //(public) return value as short (assumes DB>=16)
    function bnShortValue() { return (this.t == 0) ? this.s : (this.data[0] << 16) >> 16; }

    //(protected) return x s.t. r^x < DV
    function bnpChunkSize(r) { return Math.floor(Math.LN2 * this.DB / Math.log(r)); }

    //(public) 0 if this == 0, 1 if this > 0
    function bnSigNum() {
      if (this.s < 0) return -1;
      else if (this.t <= 0 || (this.t == 1 && this.data[0] <= 0)) return 0;
      else return 1;
    }

    //(protected) convert to radix string
    function bnpToRadix(b) {
      if (b == null) b = 10;
      if (this.signum() == 0 || b < 2 || b > 36) return "0";
      var cs = this.chunkSize(b);
      var a = Math.pow(b, cs);
      var d = nbv(a), y = nbi(), z = nbi(), r = "";
      this.divRemTo(d, y, z);
      while (y.signum() > 0) {
        r = (a + z.intValue()).toString(b).substr(1) + r;
        y.divRemTo(d, y, z);
      }
      return z.intValue().toString(b) + r;
    }

    //(protected) convert from radix string
    function bnpFromRadix(s, b) {
      this.fromInt(0);
      if (b == null) b = 10;
      var cs = this.chunkSize(b);
      var d = Math.pow(b, cs), mi = false, j = 0, w = 0;
      for (var i = 0; i < s.length; ++i) {
        var x = intAt(s, i);
        if (x < 0) {
          if (s.charAt(i) == "-" && this.signum() == 0) mi = true;
          continue;
        }
        w = b * w + x;
        if (++j >= cs) {
          this.dMultiply(d);
          this.dAddOffset(w, 0);
          j = 0;
          w = 0;
        }
      }
      if (j > 0) {
        this.dMultiply(Math.pow(b, j));
        this.dAddOffset(w, 0);
      }
      if (mi) BigInteger.ZERO.subTo(this, this);
    }

    //(protected) alternate constructor
    function bnpFromNumber(a, b, c) {
      if ("number" == typeof b) {
        // new BigInteger(int,int,RNG)
        if (a < 2) this.fromInt(1);
        else {
          this.fromNumber(a, c);
          if (!this.testBit(a - 1))  // force MSB set
            this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this);
          if (this.isEven()) this.dAddOffset(1, 0); // force odd
          while (!this.isProbablePrime(b)) {
            this.dAddOffset(2, 0);
            if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this);
          }
        }
      } else {
        // new BigInteger(int,RNG)
        var x = new Array(), t = a & 7;
        x.length = (a >> 3) + 1;
        b.nextBytes(x);
        if (t > 0) x[0] &= ((1 << t) - 1); else x[0] = 0;
        this.fromString(x, 256);
      }
    }

    //(public) convert to bigendian byte array
    function bnToByteArray() {
      var i = this.t, r = new Array();
      r[0] = this.s;
      var p = this.DB - (i * this.DB) % 8, d, k = 0;
      if (i-- > 0) {
        if (p < this.DB && (d = this.data[i] >> p) != (this.s & this.DM) >> p)
          r[k++] = d | (this.s << (this.DB - p));
        while (i >= 0) {
          if (p < 8) {
            d = (this.data[i] & ((1 << p) - 1)) << (8 - p);
            d |= this.data[--i] >> (p += this.DB - 8);
          } else {
            d = (this.data[i] >> (p -= 8)) & 0xff;
            if (p <= 0) { p += this.DB; --i; }
          }
          if ((d & 0x80) != 0) d |= -256;
          if (k == 0 && (this.s & 0x80) != (d & 0x80)) ++k;
          if (k > 0 || d != this.s) r[k++] = d;
        }
      }
      return r;
    }

    function bnEquals(a) { return (this.compareTo(a) == 0); }
    function bnMin(a) { return (this.compareTo(a) < 0) ? this : a; }
    function bnMax(a) { return (this.compareTo(a) > 0) ? this : a; }

    //(protected) r = this op a (bitwise)
    function bnpBitwiseTo(a, op, r) {
      var i, f, m = Math.min(a.t, this.t);
      for (i = 0; i < m; ++i) r.data[i] = op(this.data[i], a.data[i]);
      if (a.t < this.t) {
        f = a.s & this.DM;
        for (i = m; i < this.t; ++i) r.data[i] = op(this.data[i], f);
        r.t = this.t;
      } else {
        f = this.s & this.DM;
        for (i = m; i < a.t; ++i) r.data[i] = op(f, a.data[i]);
        r.t = a.t;
      }
      r.s = op(this.s, a.s);
      r.clamp();
    }

    //(public) this & a
    function op_and(x, y) { return x & y; }
    function bnAnd(a) { var r = nbi(); this.bitwiseTo(a, op_and, r); return r; }

    //(public) this | a
    function op_or(x, y) { return x | y; }
    function bnOr(a) { var r = nbi(); this.bitwiseTo(a, op_or, r); return r; }

    //(public) this ^ a
    function op_xor(x, y) { return x ^ y; }
    function bnXor(a) { var r = nbi(); this.bitwiseTo(a, op_xor, r); return r; }

    //(public) this & ~a
    function op_andnot(x, y) { return x & ~y; }
    function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a, op_andnot, r); return r; }

    //(public) ~this
    function bnNot() {
      var r = nbi();
      for (var i = 0; i < this.t; ++i) r.data[i] = this.DM & ~this.data[i];
      r.t = this.t;
      r.s = ~this.s;
      return r;
    }

    //(public) this << n
    function bnShiftLeft(n) {
      var r = nbi();
      if (n < 0) this.rShiftTo(-n, r); else this.lShiftTo(n, r);
      return r;
    }

    //(public) this >> n
    function bnShiftRight(n) {
      var r = nbi();
      if (n < 0) this.lShiftTo(-n, r); else this.rShiftTo(n, r);
      return r;
    }

    //return index of lowest 1-bit in x, x < 2^31
    function lbit(x) {
      if (x == 0) return -1;
      var r = 0;
      if ((x & 0xffff) == 0) { x >>= 16; r += 16; }
      if ((x & 0xff) == 0) { x >>= 8; r += 8; }
      if ((x & 0xf) == 0) { x >>= 4; r += 4; }
      if ((x & 3) == 0) { x >>= 2; r += 2; }
      if ((x & 1) == 0) ++r;
      return r;
    }

    //(public) returns index of lowest 1-bit (or -1 if none)
    function bnGetLowestSetBit() {
      for (var i = 0; i < this.t; ++i)
        if (this.data[i] != 0) return i * this.DB + lbit(this.data[i]);
      if (this.s < 0) return this.t * this.DB;
      return -1;
    }

    //return number of 1 bits in x
    function cbit(x) {
      var r = 0;
      while (x != 0) { x &= x - 1; ++r; }
      return r;
    }

    //(public) return number of set bits
    function bnBitCount() {
      var r = 0, x = this.s & this.DM;
      for (var i = 0; i < this.t; ++i) r += cbit(this.data[i] ^ x);
      return r;
    }

    //(public) true iff nth bit is set
    function bnTestBit(n) {
      var j = Math.floor(n / this.DB);
      if (j >= this.t) return (this.s != 0);
      return ((this.data[j] & (1 << (n % this.DB))) != 0);
    }

    //(protected) this op (1<<n)
    function bnpChangeBit(n, op) {
      var r = BigInteger.ONE.shiftLeft(n);
      this.bitwiseTo(r, op, r);
      return r;
    }

    //(public) this | (1<<n)
    function bnSetBit(n) { return this.changeBit(n, op_or); }

    //(public) this & ~(1<<n)
    function bnClearBit(n) { return this.changeBit(n, op_andnot); }

    //(public) this ^ (1<<n)
    function bnFlipBit(n) { return this.changeBit(n, op_xor); }

    //(protected) r = this + a
    function bnpAddTo(a, r) {
      var i = 0, c = 0, m = Math.min(a.t, this.t);
      while (i < m) {
        c += this.data[i] + a.data[i];
        r.data[i++] = c & this.DM;
        c >>= this.DB;
      }
      if (a.t < this.t) {
        c += a.s;
        while (i < this.t) {
          c += this.data[i];
          r.data[i++] = c & this.DM;
          c >>= this.DB;
        }
        c += this.s;
      } else {
        c += this.s;
        while (i < a.t) {
          c += a.data[i];
          r.data[i++] = c & this.DM;
          c >>= this.DB;
        }
        c += a.s;
      }
      r.s = (c < 0) ? -1 : 0;
      if (c > 0) r.data[i++] = c;
      else if (c < -1) r.data[i++] = this.DV + c;
      r.t = i;
      r.clamp();
    }

    //(public) this + a
    function bnAdd(a) { var r = nbi(); this.addTo(a, r); return r; }

    //(public) this - a
    function bnSubtract(a) { var r = nbi(); this.subTo(a, r); return r; }

    //(public) this * a
    function bnMultiply(a) { var r = nbi(); this.multiplyTo(a, r); return r; }

    //(public) this / a
    function bnDivide(a) { var r = nbi(); this.divRemTo(a, r, null); return r; }

    //(public) this % a
    function bnRemainder(a) { var r = nbi(); this.divRemTo(a, null, r); return r; }

    //(public) [this/a,this%a]
    function bnDivideAndRemainder(a) {
      var q = nbi(), r = nbi();
      this.divRemTo(a, q, r);
      return new Array(q, r);
    }

    //(protected) this *= n, this >= 0, 1 < n < DV
    function bnpDMultiply(n) {
      this.data[this.t] = this.am(0, n - 1, this, 0, 0, this.t);
      ++this.t;
      this.clamp();
    }

    //(protected) this += n << w words, this >= 0
    function bnpDAddOffset(n, w) {
      if (n == 0) return;
      while (this.t <= w) this.data[this.t++] = 0;
      this.data[w] += n;
      while (this.data[w] >= this.DV) {
        this.data[w] -= this.DV;
        if (++w >= this.t) this.data[this.t++] = 0;
        ++this.data[w];
      }
    }

    //A "null" reducer
    function NullExp() { }
    function nNop(x) { return x; }
    function nMulTo(x, y, r) { x.multiplyTo(y, r); }
    function nSqrTo(x, r) { x.squareTo(r); }

    NullExp.prototype.convert = nNop;
    NullExp.prototype.revert = nNop;
    NullExp.prototype.mulTo = nMulTo;
    NullExp.prototype.sqrTo = nSqrTo;

    //(public) this^e
    function bnPow(e) { return this.exp(e, new NullExp()); }

    //(protected) r = lower n words of "this * a", a.t <= n
    //"this" should be the larger one if appropriate.
    function bnpMultiplyLowerTo(a, n, r) {
      var i = Math.min(this.t + a.t, n);
      r.s = 0; // assumes a,this >= 0
      r.t = i;
      while (i > 0) r.data[--i] = 0;
      var j;
      for (j = r.t - this.t; i < j; ++i) r.data[i + this.t] = this.am(0, a.data[i], r, i, 0, this.t);
      for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a.data[i], r, i, 0, n - i);
      r.clamp();
    }

    //(protected) r = "this * a" without lower n words, n > 0
    //"this" should be the larger one if appropriate.
    function bnpMultiplyUpperTo(a, n, r) {
      --n;
      var i = r.t = this.t + a.t - n;
      r.s = 0; // assumes a,this >= 0
      while (--i >= 0) r.data[i] = 0;
      for (i = Math.max(n - this.t, 0); i < a.t; ++i)
        r.data[this.t + i - n] = this.am(n - i, a.data[i], r, 0, 0, this.t + i - n);
      r.clamp();
      r.drShiftTo(1, r);
    }

    //Barrett modular reduction
    function Barrett(m) {
      // setup Barrett
      this.r2 = nbi();
      this.q3 = nbi();
      BigInteger.ONE.dlShiftTo(2 * m.t, this.r2);
      this.mu = this.r2.divide(m);
      this.m = m;
    }

    function barrettConvert(x) {
      if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m);
      else if (x.compareTo(this.m) < 0) return x;
      else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
    }

    function barrettRevert(x) { return x; }

    //x = x mod m (HAC 14.42)
    function barrettReduce(x) {
      x.drShiftTo(this.m.t - 1, this.r2);
      if (x.t > this.m.t + 1) { x.t = this.m.t + 1; x.clamp(); }
      this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3);
      this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2);
      while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1);
      x.subTo(this.r2, x);
      while (x.compareTo(this.m) >= 0) x.subTo(this.m, x);
    }

    //r = x^2 mod m; x != r
    function barrettSqrTo(x, r) { x.squareTo(r); this.reduce(r); }

    //r = x*y mod m; x,y != r
    function barrettMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); }

    Barrett.prototype.convert = barrettConvert;
    Barrett.prototype.revert = barrettRevert;
    Barrett.prototype.reduce = barrettReduce;
    Barrett.prototype.mulTo = barrettMulTo;
    Barrett.prototype.sqrTo = barrettSqrTo;

    //(public) this^e % m (HAC 14.85)
    function bnModPow(e, m) {
      var i = e.bitLength(), k, r = nbv(1), z;
      if (i <= 0) return r;
      else if (i < 18) k = 1;
      else if (i < 48) k = 3;
      else if (i < 144) k = 4;
      else if (i < 768) k = 5;
      else k = 6;
      if (i < 8)
        z = new Classic(m);
      else if (m.isEven())
        z = new Barrett(m);
      else
        z = new Montgomery(m);

      // precomputation
      var g = new Array(), n = 3, k1 = k - 1, km = (1 << k) - 1;
      g[1] = z.convert(this);
      if (k > 1) {
        var g2 = nbi();
        z.sqrTo(g[1], g2);
        while (n <= km) {
          g[n] = nbi();
          z.mulTo(g2, g[n - 2], g[n]);
          n += 2;
        }
      }

      var j = e.t - 1, w, is1 = true, r2 = nbi(), t;
      i = nbits(e.data[j]) - 1;
      while (j >= 0) {
        if (i >= k1) w = (e.data[j] >> (i - k1)) & km;
        else {
          w = (e.data[j] & ((1 << (i + 1)) - 1)) << (k1 - i);
          if (j > 0) w |= e.data[j - 1] >> (this.DB + i - k1);
        }

        n = k;
        while ((w & 1) == 0) { w >>= 1; --n; }
        if ((i -= n) < 0) { i += this.DB; --j; }
        if (is1) {  // ret == 1, don't bother squaring or multiplying it
          g[w].copyTo(r);
          is1 = false;
        } else {
          while (n > 1) { z.sqrTo(r, r2); z.sqrTo(r2, r); n -= 2; }
          if (n > 0) z.sqrTo(r, r2); else { t = r; r = r2; r2 = t; }
          z.mulTo(r2, g[w], r);
        }

        while (j >= 0 && (e.data[j] & (1 << i)) == 0) {
          z.sqrTo(r, r2); t = r; r = r2; r2 = t;
          if (--i < 0) { i = this.DB - 1; --j; }
        }
      }
      return z.revert(r);
    }

    //(public) gcd(this,a) (HAC 14.54)
    function bnGCD(a) {
      var x = (this.s < 0) ? this.negate() : this.clone();
      var y = (a.s < 0) ? a.negate() : a.clone();
      if (x.compareTo(y) < 0) { var t = x; x = y; y = t; }
      var i = x.getLowestSetBit(), g = y.getLowestSetBit();
      if (g < 0) return x;
      if (i < g) g = i;
      if (g > 0) {
        x.rShiftTo(g, x);
        y.rShiftTo(g, y);
      }
      while (x.signum() > 0) {
        if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x);
        if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y);
        if (x.compareTo(y) >= 0) {
          x.subTo(y, x);
          x.rShiftTo(1, x);
        } else {
          y.subTo(x, y);
          y.rShiftTo(1, y);
        }
      }
      if (g > 0) y.lShiftTo(g, y);
      return y;
    }

    //(protected) this % n, n < 2^26
    function bnpModInt(n) {
      if (n <= 0) return 0;
      var d = this.DV % n, r = (this.s < 0) ? n - 1 : 0;
      if (this.t > 0)
        if (d == 0) r = this.data[0] % n;
        else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this.data[i]) % n;
      return r;
    }

    //(public) 1/this % m (HAC 14.61)
    function bnModInverse(m) {
      var ac = m.isEven();
      if ((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
      var u = m.clone(), v = this.clone();
      var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
      while (u.signum() != 0) {
        while (u.isEven()) {
          u.rShiftTo(1, u);
          if (ac) {
            if (!a.isEven() || !b.isEven()) { a.addTo(this, a); b.subTo(m, b); }
            a.rShiftTo(1, a);
          } else if (!b.isEven()) b.subTo(m, b);
          b.rShiftTo(1, b);
        }
        while (v.isEven()) {
          v.rShiftTo(1, v);
          if (ac) {
            if (!c.isEven() || !d.isEven()) { c.addTo(this, c); d.subTo(m, d); }
            c.rShiftTo(1, c);
          } else if (!d.isEven()) d.subTo(m, d);
          d.rShiftTo(1, d);
        }
        if (u.compareTo(v) >= 0) {
          u.subTo(v, u);
          if (ac) a.subTo(c, a);
          b.subTo(d, b);
        } else {
          v.subTo(u, v);
          if (ac) c.subTo(a, c);
          d.subTo(b, d);
        }
      }
      if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
      if (d.compareTo(m) >= 0) return d.subtract(m);
      if (d.signum() < 0) d.addTo(m, d); else return d;
      if (d.signum() < 0) return d.add(m); else return d;
    }

    var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509];
    var lplim = (1 << 26) / lowprimes[lowprimes.length - 1];

    //(public) test primality with certainty >= 1-.5^t
    function bnIsProbablePrime(t) {
      var i, x = this.abs();
      if (x.t == 1 && x.data[0] <= lowprimes[lowprimes.length - 1]) {
        for (i = 0; i < lowprimes.length; ++i)
          if (x.data[0] == lowprimes[i]) return true;
        return false;
      }
      if (x.isEven()) return false;
      i = 1;
      while (i < lowprimes.length) {
        var m = lowprimes[i], j = i + 1;
        while (j < lowprimes.length && m < lplim) m *= lowprimes[j++];
        m = x.modInt(m);
        while (i < j) if (m % lowprimes[i++] == 0) return false;
      }
      return x.millerRabin(t);
    }

    //(protected) true if probably prime (HAC 4.24, Miller-Rabin)
    function bnpMillerRabin(t) {
      var n1 = this.subtract(BigInteger.ONE);
      var k = n1.getLowestSetBit();
      if (k <= 0) return false;
      var r = n1.shiftRight(k);
      var prng = bnGetPrng();
      var a;
      for (var i = 0; i < t; ++i) {
        // select witness 'a' at random from between 1 and n1
        do {
          a = new BigInteger(this.bitLength(), prng);
        }
        while (a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0);
        var y = a.modPow(r, this);
        if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
          var j = 1;
          while (j++ < k && y.compareTo(n1) != 0) {
            y = y.modPowInt(2, this);
            if (y.compareTo(BigInteger.ONE) == 0) return false;
          }
          if (y.compareTo(n1) != 0) return false;
        }
      }
      return true;
    }

    // get pseudo random number generator
    function bnGetPrng() {
      // create prng with api that matches BigInteger secure random
      return {
        // x is an array to fill with bytes
        nextBytes: function (x) {
          for (var i = 0; i < x.length; ++i) {
            x[i] = Math.floor(Math.random() * 0xFF);
          }
        }
      };
    }

    //protected
    BigInteger.prototype.chunkSize = bnpChunkSize;
    BigInteger.prototype.toRadix = bnpToRadix;
    BigInteger.prototype.fromRadix = bnpFromRadix;
    BigInteger.prototype.fromNumber = bnpFromNumber;
    BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
    BigInteger.prototype.changeBit = bnpChangeBit;
    BigInteger.prototype.addTo = bnpAddTo;
    BigInteger.prototype.dMultiply = bnpDMultiply;
    BigInteger.prototype.dAddOffset = bnpDAddOffset;
    BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
    BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
    BigInteger.prototype.modInt = bnpModInt;
    BigInteger.prototype.millerRabin = bnpMillerRabin;

    //public
    BigInteger.prototype.clone = bnClone;
    BigInteger.prototype.intValue = bnIntValue;
    BigInteger.prototype.byteValue = bnByteValue;
    BigInteger.prototype.shortValue = bnShortValue;
    BigInteger.prototype.signum = bnSigNum;
    BigInteger.prototype.toByteArray = bnToByteArray;
    BigInteger.prototype.equals = bnEquals;
    BigInteger.prototype.min = bnMin;
    BigInteger.prototype.max = bnMax;
    BigInteger.prototype.and = bnAnd;
    BigInteger.prototype.or = bnOr;
    BigInteger.prototype.xor = bnXor;
    BigInteger.prototype.andNot = bnAndNot;
    BigInteger.prototype.not = bnNot;
    BigInteger.prototype.shiftLeft = bnShiftLeft;
    BigInteger.prototype.shiftRight = bnShiftRight;
    BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
    BigInteger.prototype.bitCount = bnBitCount;
    BigInteger.prototype.testBit = bnTestBit;
    BigInteger.prototype.setBit = bnSetBit;
    BigInteger.prototype.clearBit = bnClearBit;
    BigInteger.prototype.flipBit = bnFlipBit;
    BigInteger.prototype.add = bnAdd;
    BigInteger.prototype.subtract = bnSubtract;
    BigInteger.prototype.multiply = bnMultiply;
    BigInteger.prototype.divide = bnDivide;
    BigInteger.prototype.remainder = bnRemainder;
    BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
    BigInteger.prototype.modPow = bnModPow;
    BigInteger.prototype.modInverse = bnModInverse;
    BigInteger.prototype.pow = bnPow;
    BigInteger.prototype.gcd = bnGCD;
    BigInteger.prototype.isProbablePrime = bnIsProbablePrime;

    //BigInteger interfaces not implemented in jsbn:

    //BigInteger(int signum, byte[] magnitude)
    //double doubleValue()
    //float floatValue()
    //int hashCode()
    //long longValue()
    //static BigInteger valueOf(long val)

    forge.jsbn = forge.jsbn || {};
    forge.jsbn.BigInteger = BigInteger;

  } // end module implementation

  return initModule(forge);
})();

/*
 * Javascript implementation of basic RSA algorithms.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2015 Digital Bazaar, Inc.
 *
 * The only algorithm currently supported for PKI is RSA.
 *
 * An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo
 * ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier
 * and a subjectPublicKey of type bit string.
 *
 * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
 * for the algorithm, if any. In the case of RSA, there aren't any.
 *
 * SubjectPublicKeyInfo ::= SEQUENCE {
 *   algorithm AlgorithmIdentifier,
 *   subjectPublicKey BIT STRING
 * }
 *
 * AlgorithmIdentifer ::= SEQUENCE {
 *   algorithm OBJECT IDENTIFIER,
 *   parameters ANY DEFINED BY algorithm OPTIONAL
 * }
 *
 * For an RSA public key, the subjectPublicKey is:
 *
 * RSAPublicKey ::= SEQUENCE {
 *   modulus            INTEGER,    -- n
 *   publicExponent     INTEGER     -- e
 * }
 *
 * PrivateKeyInfo ::= SEQUENCE {
 *   version                   Version,
 *   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
 *   privateKey                PrivateKey,
 *   attributes           [0]  IMPLICIT Attributes OPTIONAL
 * }
 *
 * Version ::= INTEGER
 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
 * PrivateKey ::= OCTET STRING
 * Attributes ::= SET OF Attribute
 *
 * An RSA private key as the following structure:
 *
 * RSAPrivateKey ::= SEQUENCE {
 *   version Version,
 *   modulus INTEGER, -- n
 *   publicExponent INTEGER, -- e
 *   privateExponent INTEGER, -- d
 *   prime1 INTEGER, -- p
 *   prime2 INTEGER, -- q
 *   exponent1 INTEGER, -- d mod (p-1)
 *   exponent2 INTEGER, -- d mod (q-1)
 *   coefficient INTEGER -- (inverse of q) mod p
 * }
 *
 * Version ::= INTEGER
 *
 * The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1
 */
(function () {
  function initModule(forge) {
    /* ########## Begin module implementation ########## */

    if (typeof BigInteger === 'undefined') {
      var BigInteger = forge.jsbn.BigInteger;
    }

    var ByteBuffer = forge.util.ByteBuffer;

    // shortcut for asn.1 API
    var asn1 = forge.asn1;

    /*
     * RSA encryption and decryption, see RFC 2313.
     */
    forge.pki = forge.pki || {};
    forge.pki.rsa = forge.rsa = forge.rsa || {};
    var pki = forge.pki;

    // for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
    var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];

    /*
     * Sets an RSA public key from BigIntegers modulus and exponent.
     *
     * @param n the modulus.
     * @param e the exponent.
     *
     * @return the public key.
     */
    pki.setRsaPublicKey = pki.rsa.setPublicKey = function (n, e) {
      var key = {
        n: n,
        e: e
      };

      /*
       * Encrypts the given data with this public key. Newer applications
       * should use the 'RSA-OAEP' decryption scheme, 'RSAES-PKCS1-V1_5' is for
       * legacy applications.
       *
       * @param data the data, as a ByteBuffer, to encrypt.
       * @param scheme the encryption scheme to use:
       *          'RSAES-PKCS1-V1_5' (default),
       *          'RSA-OAEP',
       *          'RAW', 'NONE', or null to perform raw RSA encryption,
       *          an object with an 'encode' property set to a function
       *          with the signature 'function(data, key)' that returns
       *          a ByteBuffer representing the encoded data.
       * @param schemeOptions any scheme-specific options.
       *
       * @return the encrypted data as a ByteBuffer.
       */
      key.encrypt = function (data, scheme, schemeOptions) {
        // TODO: if scheme is not first, swap for backwards compatibility

        if (!(data instanceof ByteBuffer)) {
          throw new TypeError('data must be a ByteBuffer.');
        }

        // encode message according to scheme and then RSA encrypt
        scheme = _getEncryptionScheme(scheme);
        var encoded = scheme.encode(key, data, schemeOptions);
        return _rsaEncrypt(key, encoded, _rsaPublicOp);
      };

      /*
       * Verifies the given signature against the given ByteBuffer of data.
       *
       * Two PKCS#1 signature schemes are supported:
       * RSASSA-PKCS1-V1_5 and RSASSA-PSS.
       *
       * By default this implementation uses the "old scheme", i.e.
       * RSASSA-PKCS1-V1_5, in which case once RSA-decrypted, the
       * signature is an OCTET STRING that holds a DigestInfo.
       *
       * DigestInfo ::= SEQUENCE {
       *   digestAlgorithm DigestAlgorithmIdentifier,
       *   digest Digest
       * }
       * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
       * Digest ::= OCTET STRING
       *
       * To perform PSS signature verification, provide an instance
       * of Forge PSS object as the scheme parameter.
       *
       * @param data the data, as a ByteBuffer, to compare against the signature;
       *          for RSASSA-PKCS1-V1_5 and RSASSA-PSS, this should be the message
       *          digest hash that was signed, for EME-PKCS1-v1_5 or NONE, this
       *          would be the raw data that signed.
       * @param signature the signature to verify, as a ByteBuffer.
       * @param scheme signature verification scheme to use:
       *          'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,
       *          a Forge PSS object for RSASSA-PSS,
       *          'EME-PKCS1-v1_5' for PKCS #1 v1.5 block type 2 encoding,
       *          'NONE' or null for none, meaning raw RSA decryption will be
       *            used (which is unsafe if some external padding mechanism isn't
       *            used).
       *
       * @return true if the signature was verified, false if not.
       */
      key.verify = function (data, signature, scheme) {
        // TODO: if scheme is not first, swap for backwards compatibility

        if (!(data instanceof ByteBuffer)) {
          throw new TypeError('data must be a ByteBuffer.');
        }

        // RSA decrypt, then verify according to scheme
        scheme = _getSignatureScheme(scheme);
        var decrypted = _rsaDecrypt(key, signature, _rsaPublicOp);
        return scheme.verify(key, decrypted, data);
      };

      return key;
    };

    /*
     * Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.
     *
     * @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.
     *
     * @return the public key.
     */
    pki.publicKeyFromAsn1 = function (obj) {
      // get SubjectPublicKeyInfo
      var capture = {};
      var errors = [];
      if (asn1.validate(obj, publicKeyValidator, capture, errors)) {
        // check oid
        if (capture.publicKeyOid !== pki.oids.rsaEncryption) {
          var error = new Error('Cannot read public key. Unknown OID.');
          error.oid = capture.publicKeyOid;
          throw error;
        }
        obj = capture.rsaPublicKey;
      }

      // get RSA params
      errors = [];
      if (!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {
        var error = new Error('Cannot read public key. ' +
          'ASN.1 object does not contain an RSAPublicKey.');
        error.errors = errors;
        throw error;
      }

      // FIXME: inefficient, do a cleaner conversion to BigInteger
      var n = capture.publicKeyModulus.toString('hex');
      var e = capture.publicKeyExponent.toString('hex');

      // set public key
      return pki.setRsaPublicKey(
        new BigInteger(n, 16),
        new BigInteger(e, 16));
    };

    /*
     * Converts a public key to an ASN.1 SubjectPublicKeyInfo.
     *
     * @param key the public key.
     *
     * @return the asn1 representation of a SubjectPublicKeyInfo.
     */
    pki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function (key) {
      // SubjectPublicKeyInfo
      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
        // AlgorithmIdentifier
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // algorithm
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
            pki.oids.rsaEncryption),
          // parameters (null)
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null)
        ]),
        // subjectPublicKey
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
          pki.publicKeyToRSAPublicKey(key)
        ])
      ]);
    };

    /*
     * Converts a public key to an ASN.1 RSAPublicKey.
     *
     * @param key the public key.
     *
     * @return the asn1 representation of a RSAPublicKey.
     */
    pki.publicKeyToRSAPublicKey = function (key) {
      // RSAPublicKey
      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
        // modulus (n)
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
          _bnToBuffer(key.n)),
        // publicExponent (e)
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
          _bnToBuffer(key.e))
      ]);
    };

    /*
     * Encrypts a message with an RSA key. This is used for message encryption
     * with a public key and for message signing with a private key.
     *
     * @param m the message to encrypt as a ByteBuffer.
     * @param key the RSA key to use.
     * @param op the public or private key operation to run.
     *
     * @return the encrypted bytes as a ByteBuffer.
     */
    function _rsaEncrypt(key, m, op) {
      // OS2IP (RFC 3447) (load message as BigInteger)
      var x = forge.pkcs1.os2ip(m);

      // do appropriate RSA operation
      var y = op(x, key);

      // I2OSP (RFC 3447) (convert BigInteger back to ByteBuffer)
      // use length of modulus in bytes
      return forge.pkcs1.i2osp(y, Math.ceil(key.n.bitLength() / 8));
    }

    /*
     * Decrypts a message previously encrypted with an RSA key. This is used
     * to decrypted a message with a private key or to decrypt a signature (for
     * verification) with a public key.
     *
     * @param key the RSA key to use.
     * @param ed the encrypted data as a ByteBuffer.
     * @param op the public or private key operation to run.
     *
     * @return the decrypted message as a ByteBuffer.
     */
    function _rsaDecrypt(key, ed, op) {
      // get the length of the modulus in bytes
      var k = Math.ceil(key.n.bitLength() / 8);

      // error if the length of the encrypted data ED is not k
      if (ed.length() !== k) {
        var error = new Error('Encrypted message length is invalid.');
        error.length = ed.length();
        error.expected = k;
        throw error;
      }

      // OS2IP (RFC 3447) (load encrypted data as BigInteger)
      var y = forge.pkcs1.os2ip(ed);

      // y must be less than the modulus or it wasn't the result of
      // a previous mod operation (encryption) using that modulus
      if (y.compareTo(key.n) >= 0) {
        throw new Error('Encrypted message is invalid.');
      }

      // do appropriate RSA operation
      var x = op(y, key);

      // I2OSP (RFC 3447) (convert result back to ByteBuffer)
      return forge.pkcs1.i2osp(x, k);
    }

    /*
     * Performs raw RSA decryption: x^c mod n using an RSA public key (c = e).
     *
     * @param x the number to raise and mod.
     * @param key the key to use.
     *
     * @return the result of x^c mod n (c = e).
     */
    function _rsaPublicOp(x, key) {
      return x.modPow(key.e, key.n);
    }

    /*
     * Performs raw RSA encryption: x^c mod n using an RSA private key (c = d).
     *
     * @param x the number to raise and mod.
     * @param key the key to use.
     *
     * @return the result of x^c mod n (c = d).
     */
    function _rsaPrivateOp(x, key) {
      if (!key.p || !key.q) {
        // allow calculation without CRT params (slow).
        return x.modPow(key.d, key.n);
      }

      // pre-compute dP, dQ, and qInv if necessary
      if (!key.dP) {
        key.dP = key.d.mod(key.p.subtract(BigInteger.ONE));
      }
      if (!key.dQ) {
        key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE));
      }
      if (!key.qInv) {
        key.qInv = key.q.modInverse(key.p);
      }

      /* Chinese remainder theorem (CRT) states:
    
        Suppose n1, n2, ..., nk are positive integers which are pairwise
        coprime (n1 and n2 have no common factors other than 1). For any
        integers x1, x2, ..., xk there exists an integer x solving the
        system of simultaneous congruences (where ~= means modularly
        congruent so a ~= b mod n means a mod n = b mod n):
    
        x ~= x1 mod n1
        x ~= x2 mod n2
        ...
        x ~= xk mod nk
    
        This system of congruences has a single simultaneous solution x
        between 0 and n - 1. Furthermore, each xk solution and x itself
        is congruent modulo the product n = n1*n2*...*nk.
        So x1 mod n = x2 mod n = xk mod n = x mod n.
    
        The single simultaneous solution x can be solved with the following
        equation:
    
        x = sum(xi*ri*si) mod n where ri = n/ni and si = ri^-1 mod ni.
    
        Where x is less than n, xi = x mod ni.
    
        For RSA we are only concerned with k = 2. The modulus n = pq, where
        p and q are coprime. The RSA decryption algorithm is:
    
        y = x^d mod n
    
        Given the above:
    
        x1 = x^d mod p
        r1 = n/p = q
        s1 = q^-1 mod p
        x2 = x^d mod q
        r2 = n/q = p
        s2 = p^-1 mod q
    
        So y = (x1r1s1 + x2r2s2) mod n
             = ((x^d mod p)q(q^-1 mod p) + (x^d mod q)p(p^-1 mod q)) mod n
    
        According to Fermat's Little Theorem, if the modulus P is prime,
        for any integer A not evenly divisible by P, A^(P-1) ~= 1 mod P.
        Since A is not divisible by P it follows that if:
        N ~= M mod (P - 1), then A^N mod P = A^M mod P. Therefore:
    
        A^N mod P = A^(M mod (P - 1)) mod P. (The latter takes less effort
        to calculate). In order to calculate x^d mod p more quickly the
        exponent d mod (p - 1) is stored in the RSA private key (the same
        is done for x^d mod q). These values are referred to as dP and dQ
        respectively. Therefore we now have:
    
        y = ((x^dP mod p)q(q^-1 mod p) + (x^dQ mod q)p(p^-1 mod q)) mod n
    
        Since we'll be reducing x^dP by modulo p (same for q) we can also
        reduce x by p (and q respectively) before hand. Therefore, let
    
        xp = ((x mod p)^dP mod p), and
        xq = ((x mod q)^dQ mod q), yielding:
    
        y = (xp*q*(q^-1 mod p) + xq*p*(p^-1 mod q)) mod n
    
        This can be further reduced to a simple algorithm that only
        requires 1 inverse (the q inverse is used) to be used and stored.
        The algorithm is called Garner's algorithm. If qInv is the
        inverse of q, we simply calculate:
    
        y = (qInv*(xp - xq) mod p) * q + xq
    
        However, there are two further complications. First, we need to
        ensure that xp > xq to prevent signed BigIntegers from being used
        so we add p until this is true (since we will be mod'ing with
        p anyway). Then, there is a known timing attack on algorithms
        using the CRT. To mitigate this risk, "cryptographic blinding"
        should be used. This requires simply generating a random number r between
        0 and n-1 and its inverse and multiplying x by r^e before calculating y
        and then multiplying y by r^-1 afterwards.
      */

      // cryptographic blinding
      var r;
      do {
        r = new BigInteger(
          forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)),
          16).mod(key.n);
      } while (r.equals(BigInteger.ZERO));
      x = x.multiply(r.modPow(key.e, key.n)).mod(key.n);

      // calculate xp and xq
      var xp = x.mod(key.p).modPow(key.dP, key.p);
      var xq = x.mod(key.q).modPow(key.dQ, key.q);

      // xp must be larger than xq to avoid signed bit usage
      while (xp.compareTo(xq) < 0) {
        xp = xp.add(key.p);
      }

      // do last step
      var y = xp.subtract(xq)
        .multiply(key.qInv).mod(key.p)
        .multiply(key.q).add(xq);

      // remove effect of random for cryptographic blinding
      y = y.multiply(r.modInverse(key.n)).mod(key.n);

      return y;
    }

    /*
     * Converts a positive BigInteger into 2's-complement big-endian bytes in
     * a ByteBuffer.
     *
     * @param b the big integer to convert.
     *
     * @return the ByteBuffer.
     */
    function _bnToBuffer(b) {
      // prepend 0x00 if first byte >= 0x80
      var hex = b.toString(16);
      if (hex[0] >= '8') {
        hex = '00' + hex;
      }
      return new ByteBuffer(hex, 'hex');
    }

    // register signature schemes
    var signatureSchemes = {};
    function _getSignatureScheme(scheme) {
      if (scheme === null) {
        scheme = 'NONE';
      }
      if (typeof scheme === 'string') {
        if (!(scheme in signatureSchemes)) {
          throw new Error('Unsupported scheme: ' + scheme);
        }
        scheme = signatureSchemes[scheme];
      } else if (typeof scheme !== 'object') {
        throw new TypeError(
          'scheme must be a string identifying a ' +
          'registered signature scheme or an object that defines the ' +
          'required scheme API.');
      }
      return scheme;
    }
    signatureSchemes.NONE = {
      encode: function (key, input) {
        if (!(input instanceof ByteBuffer)) {
          throw new TypeError('input must be a ByteBuffer');
        }
        return input;
      },
      verify: function (key, encoded, input) {
        // TODO: use compare/equals
        return encoded.getBytes() === input.getBytes();
      }
    };
    // TODO: move to pkcs1? will require dependency change in consumers
    signatureSchemes['RSASSA-PKCS1-V1_5'] = {
      encode: function (key, input) {
        if (!(input instanceof forge.md.MessageDigest)) {
          throw new TypeError('input must be a MessageDigest');
        }
        return forge.pkcs1.encode_rsassa(key, input);
      },
      verify: function (key, encoded, input) {
        var decoded = forge.pkcs1.decode_rsassa(key, encoded);
        // TODO: use compare/equals
        return input.getBytes() === decoded.getBytes();
      }
    };
    signatureSchemes['EME-PKCS1-V1_5'] = {
      encode: function (key, input) {
        if (!(input instanceof ByteBuffer)) {
          throw new TypeError('input must be a ByteBuffer');
        }
        return forge.pkcs1.encode_eme_v1_5(key, input, 0x02);
      },
      verify: function (key, encoded, input) {
        var decoded = forge.pkcs1.decode_eme_v1_5(key, encoded);
        // TODO: use compare/equals
        return input.getBytes() === decoded.getBytes();
      }
    };

    // register encryption schemes
    var encryptionSchemes = {};
    function _getEncryptionScheme(scheme) {
      if (scheme === null) {
        scheme = 'NONE';
      }
      if (typeof scheme === 'string') {
        if (!(scheme in encryptionSchemes)) {
          throw new Error('Unsupported scheme: ' + scheme);
        }
        scheme = encryptionSchemes[scheme];
      } else if (typeof scheme !== 'object') {
        throw new TypeError(
          'scheme must be a string identifying a ' +
          'registered encryption scheme or an object that defines the ' +
          'required scheme API.');
      }
      return scheme;
    }
    encryptionSchemes['RSAES-PKCS1-V1_5'] = {
      encode: function (key, input, options) {
        return forge.pkcs1.encode_rsaes(key, input, options);
      },
      decode: function (key, input, options) {
        return forge.pkcs1.decode_rsaes(key, input, options);
      }
    };
    encryptionSchemes['RSA-OAEP'] = encryptionSchemes['RSAES-OAEP'] = {
      encode: function (key, input, options) {
        return forge.pkcs1.encode_rsa_oaep(key, input, options);
      },
      decode: function (key, input, options) {
        return forge.pkcs1.decode_rsa_oaep(key, input, options);
      }
    };
    encryptionSchemes.NONE = {
      encode: function (key, input) {
        return input;
      },
      decode: function (key, input) {
        return input;
      }
    };

    // validator for an RSA public key
    var rsaPublicKeyValidator = {
      // RSAPublicKey
      name: 'RSAPublicKey',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      value: [{
        // modulus (n)
        name: 'RSAPublicKey.modulus',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.INTEGER,
        constructed: false,
        capture: {
          name: 'publicKeyModulus',
          format: 'buffer'
        }
      }, {
        // publicExponent (e)
        name: 'RSAPublicKey.exponent',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.INTEGER,
        constructed: false,
        capture: {
          name: 'publicKeyExponent',
          format: 'buffer'
        }
      }]
    };

    // validator for an SubjectPublicKeyInfo structure
    // Note: Currently only works with an RSA public key
    var publicKeyValidator = forge.pki.rsa.publicKeyValidator = {
      name: 'SubjectPublicKeyInfo',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      capture: {
        name: 'subjectPublicKeyInfo',
        format: 'asn1'
      },
      value: [{
        name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        value: [{
          name: 'AlgorithmIdentifier.algorithm',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.OID,
          constructed: false,
          capture: 'publicKeyOid'
        }]
      }, {
        // subjectPublicKey
        name: 'SubjectPublicKeyInfo.subjectPublicKey',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.BITSTRING,
        constructed: false,
        value: [{
          // RSAPublicKey
          name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          optional: true,
          capture: {
            name: 'rsaPublicKey',
            format: 'asn1'
          }
        }]
      }]
    };

  } // end module implementation

  return initModule(forge);
})();

/*
 * Javascript implementation of basic PEM (Privacy Enhanced Mail) algorithms.
 *
 * See: RFC 1421.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2013-2014 Digital Bazaar, Inc.
 *
 * A Forge PEM object has the following fields:
 *
 * type: identifies the type of message (eg: "RSA PRIVATE KEY").
 *
 * procType: identifies the type of processing performed on the message,
 *   it has two subfields: version and type, eg: 4,ENCRYPTED.
 *
 * contentDomain: identifies the type of content in the message, typically
 *   only uses the value: "RFC822".
 *
 * dekInfo: identifies the message encryption algorithm and mode and includes
 *   any parameters for the algorithm, it has two subfields: algorithm and
 *   parameters, eg: DES-CBC,F8143EDE5960C597.
 *
 * headers: contains all other PEM encapsulated headers -- where order is
 *   significant (for pairing data like recipient ID + key info).
 *
 * body: the body stored in a ByteBuffer.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // shortcut for pem API
    var pem = forge.pem = forge.pem || {};

    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * Encodes (serializes) the given PEM object.
     *
     * @param msg the PEM message object to encode.
     * @param options the options to use:
     *          maxline the maximum characters per line for the body, (default: 64).
     *
     * @return the PEM-formatted string.
     */
    pem.encode = function (msg, options) {
      options = options || {};
      var maxline = options.maxline || 64;

      var rval = '';//'-----BEGIN ' + msg.type + '-----\r\n'; zhaoyongsheng�޸���������ݲ���ͷβ

      // encode special headers
      var header;
      if (msg.procType) {
        header = {
          name: 'Proc-Type',
          values: [String(msg.procType.version), msg.procType.type]
        };
        rval += foldHeader(header);
      }
      if (msg.contentDomain) {
        header = { name: 'Content-Domain', values: [msg.contentDomain] };
        rval += foldHeader(header);
      }
      if (msg.dekInfo) {
        header = { name: 'DEK-Info', values: [msg.dekInfo.algorithm] };
        if (msg.dekInfo.parameters) {
          header.values.push(msg.dekInfo.parameters);
        }
        rval += foldHeader(header);
      }

      if (msg.headers) {
        // encode all other headers
        for (var i = 0; i < msg.headers.length; ++i) {
          rval += foldHeader(msg.headers[i]);
        }
      }

      // terminate header
      if (msg.procType) {
        rval += '\r\n';
      }

      // add body
      //rval += msg.body.toString('base64', {maxline: maxline}) + '\r\n';

      //rval += '-----END ' + msg.type + '-----\r\n';
      rval += msg.body.toString('base64')//zhaoyongsheng�޸���������ݲ���ͷβ
      return rval;
    };

    /*
     * Decodes (deserializes) all PEM messages found in the given string.
     *
     * @param str the PEM-formatted string to decode.
     *
     * @return the PEM message objects in an array.
     */
    pem.decode = function (str) {
      var rval = [];

      // split string into PEM messages (be lenient w/EOF on BEGIN line)
      var rMessage = /\s*-----BEGIN ([A-Z0-9- ]+)-----\r?\n?([\x21-\x7e\s]+?(?:\r?\n\r?\n))?([:A-Za-z0-9+\/=\s]+?)-----END \1-----/g;
      var rHeader = /([\x21-\x7e]+):\s*([\x21-\x7e\s^:]+)/;
      var rCRLF = /\r?\n/;
      var match;
      while (true) {
        match = rMessage.exec(str);
        if (!match) {
          break;
        }

        var msg = {
          type: match[1],
          procType: null,
          contentDomain: null,
          dekInfo: null,
          headers: [],
          body: new ByteBuffer(match[3], 'base64')
        };
        rval.push(msg);

        // no headers
        if (!match[2]) {
          continue;
        }

        // parse headers
        var lines = match[2].split(rCRLF);
        var li = 0;
        while (match && li < lines.length) {
          // get line, trim any rhs whitespace
          var line = lines[li].replace(/\s+$/, '');

          // RFC2822 unfold any following folded lines
          for (var nl = li + 1; nl < lines.length; ++nl) {
            var next = lines[nl];
            if (!/\s/.test(next[0])) {
              break;
            }
            line += next;
            li = nl;
          }

          // parse header
          match = line.match(rHeader);
          if (match) {
            var header = { name: match[1], values: [] };
            var values = match[2].split(',');
            for (var vi = 0; vi < values.length; ++vi) {
              header.values.push(ltrim(values[vi]));
            }

            // Proc-Type must be the first header
            if (!msg.procType) {
              if (header.name !== 'Proc-Type') {
                throw new Error('Invalid PEM formatted message. The first ' +
                  'encapsulated header must be "Proc-Type".');
              } else if (header.values.length !== 2) {
                throw new Error('Invalid PEM formatted message. The "Proc-Type" ' +
                  'header must have two subfields.');
              }
              msg.procType = { version: values[0], type: values[1] };
            } else if (!msg.contentDomain && header.name === 'Content-Domain') {
              // special-case Content-Domain
              msg.contentDomain = values[0] || '';
            } else if (!msg.dekInfo && header.name === 'DEK-Info') {
              // special-case DEK-Info
              if (header.values.length === 0) {
                throw new Error('Invalid PEM formatted message. The "DEK-Info" ' +
                  'header must have at least one subfield.');
              }
              msg.dekInfo = { algorithm: values[0], parameters: values[1] || null };
            } else {
              msg.headers.push(header);
            }
          }

          ++li;
        }

        if (msg.procType === 'ENCRYPTED' && !msg.dekInfo) {
          throw new Error('Invalid PEM formatted message. The "DEK-Info" ' +
            'header must be present if "Proc-Type" is "ENCRYPTED".');
        }
      }

      if (rval.length === 0) {
        throw new Error('Invalid PEM formatted message.');
      }

      return rval;
    };

    function foldHeader(header) {
      var rval = header.name + ': ';

      // ensure values with CRLF are folded
      var values = [];
      var insertSpace = function (match, $1) {
        return ' ' + $1;
      };
      for (var i = 0; i < header.values.length; ++i) {
        values.push(header.values[i].replace(/^(\S+\r\n)/, insertSpace));
      }
      rval += values.join(',') + '\r\n';

      // do folding
      var length = 0;
      var candidate = -1;
      for (var i = 0; i < rval.length; ++i, ++length) {
        if (length > 65 && candidate !== -1) {
          var insert = rval[candidate];
          if (insert === ',') {
            ++candidate;
            rval = rval.substr(0, candidate) + '\r\n ' + rval.substr(candidate);
          } else {
            rval = rval.substr(0, candidate) +
              '\r\n' + insert + rval.substr(candidate + 1);
          }
          length = (i - candidate - 1);
          candidate = -1;
          ++i;
        } else if (rval[i] === ' ' || rval[i] === '\t' || rval[i] === ',') {
          candidate = i;
        }
      }

      return rval;
    }

    function ltrim(str) {
      return str.replace(/^\s+/, '');
    }

  } // end module implementation

  return initModule(forge);
})();

/*
 * Javascript implementation of X.509 and related components (such as
 * Certification Signing Requests) of a Public Key Infrastructure.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 *
 * The ASN.1 representation of an X.509v3 certificate is as follows
 * (see RFC 2459):
 *
 * Certificate ::= SEQUENCE {
 *   tbsCertificate       TBSCertificate,
 *   signatureAlgorithm   AlgorithmIdentifier,
 *   signatureValue       BIT STRING
 * }
 *
 * TBSCertificate ::= SEQUENCE {
 *   version         [0]  EXPLICIT Version DEFAULT v1,
 *   serialNumber         CertificateSerialNumber,
 *   signature            AlgorithmIdentifier,
 *   issuer               Name,
 *   validity             Validity,
 *   subject              Name,
 *   subjectPublicKeyInfo SubjectPublicKeyInfo,
 *   issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                        -- If present, version shall be v2 or v3
 *   subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                        -- If present, version shall be v2 or v3
 *   extensions      [3]  EXPLICIT Extensions OPTIONAL
 *                        -- If present, version shall be v3
 * }
 *
 * Version ::= INTEGER  { v1(0), v2(1), v3(2) }
 *
 * CertificateSerialNumber ::= INTEGER
 *
 * Name ::= CHOICE {
 *   // only one possible choice for now
 *   RDNSequence
 * }
 *
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 *
 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
 *
 * AttributeTypeAndValue ::= SEQUENCE {
 *   type     AttributeType,
 *   value    AttributeValue
 * }
 * AttributeType ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY DEFINED BY AttributeType
 *
 * Validity ::= SEQUENCE {
 *   notBefore      Time,
 *   notAfter       Time
 * }
 *
 * Time ::= CHOICE {
 *   utcTime        UTCTime,
 *   generalTime    GeneralizedTime
 * }
 *
 * UniqueIdentifier ::= BIT STRING
 *
 * SubjectPublicKeyInfo ::= SEQUENCE {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING
 * }
 *
 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
 *
 * Extension ::= SEQUENCE {
 *   extnID      OBJECT IDENTIFIER,
 *   critical    BOOLEAN DEFAULT FALSE,
 *   extnValue   OCTET STRING
 * }
 *
 * The only key algorithm currently supported for PKI is RSA.
 *
 * RSASSA-PSS signatures are described in RFC 3447 and RFC 4055.
 *
 * PKCS#10 v1.7 describes certificate signing requests:
 *
 * CertificationRequestInfo:
 *
 * CertificationRequestInfo ::= SEQUENCE {
 *   version       INTEGER { v1(0) } (v1,...),
 *   subject       Name,
 *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *   attributes    [0] Attributes{{ CRIAttributes }}
 * }
 *
 * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
 *
 * CRIAttributes  ATTRIBUTE  ::= {
 *   ... -- add any locally defined attributes here -- }
 *
 * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
 *   type   ATTRIBUTE.&id({IOSet}),
 *   values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
 * }
 *
 * CertificationRequest ::= SEQUENCE {
 *   certificationRequestInfo CertificationRequestInfo,
 *   signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
 *   signature          BIT STRING
 * }
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    var ByteBuffer = forge.util.ByteBuffer;

    // shortcut for asn.1 API
    var asn1 = forge.asn1;

    /* Public Key Infrastructure (PKI) implementation. */
    var pki = forge.pki = forge.pki || {};
    var oids = pki.oids;

    // short name OID mappings
    var _shortNames = {};
    _shortNames['CN'] = oids['commonName'];
    _shortNames['commonName'] = 'CN';
    _shortNames['C'] = oids['countryName'];
    _shortNames['countryName'] = 'C';
    _shortNames['L'] = oids['localityName'];
    _shortNames['localityName'] = 'L';
    _shortNames['ST'] = oids['stateOrProvinceName'];
    _shortNames['stateOrProvinceName'] = 'ST';
    _shortNames['O'] = oids['organizationName'];
    _shortNames['organizationName'] = 'O';
    _shortNames['OU'] = oids['organizationalUnitName'];
    _shortNames['organizationalUnitName'] = 'OU';
    _shortNames['E'] = oids['emailAddress'];
    _shortNames['emailAddress'] = 'E';

    // validator for an SubjectPublicKeyInfo structure
    // Note: Currently only works with an RSA public key
    var publicKeyValidator = forge.pki.rsa.publicKeyValidator;

    // validator for an X.509v3 certificate
    var x509CertificateValidator = {
      name: 'Certificate',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      value: [{
        name: 'Certificate.TBSCertificate',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        capture: {
          name: 'tbsCertificate',
          format: 'asn1'
        },
        value: [{
          name: 'Certificate.TBSCertificate.version',
          tagClass: asn1.Class.CONTEXT_SPECIFIC,
          type: 0,
          constructed: true,
          optional: true,
          value: [{
            name: 'Certificate.TBSCertificate.version.integer',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.INTEGER,
            constructed: false,
            capture: 'certVersion'
          }]
        }, {
          name: 'Certificate.TBSCertificate.serialNumber',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.INTEGER,
          constructed: false,
          capture: {
            name: 'certSerialNumber',
            format: 'hex'
          }
        }, {
          name: 'Certificate.TBSCertificate.signature',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          value: [{
            name: 'Certificate.TBSCertificate.signature.algorithm',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.OID,
            constructed: false,
            capture: 'certinfoSignatureOid'
          }, {
            name: 'Certificate.TBSCertificate.signature.parameters',
            tagClass: asn1.Class.UNIVERSAL,
            optional: true,
            capture: {
              name: 'certinfoSignatureParams',
              format: 'asn1'
            }
          }]
        }, {
          name: 'Certificate.TBSCertificate.issuer',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          capture: {
            name: 'certIssuer',
            format: 'asn1'
          }
        }, {
          name: 'Certificate.TBSCertificate.validity',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          // Note: UTC and generalized times may both appear so the capture
          // names are based on their detected order, the names used below
          // are only for the common case, which validity time really means
          // "notBefore" and which means "notAfter" will be determined by order,
          // a less common case, for example, may have the first time as UTC and
          // the second as generalized -- which would produce names with the
          // suffixes ".notBefore(utc)" and ".notBefore (generalized)", here the
          // latter would be the "notAfter" time
          value: [{
            // notBefore (Time) (UTC time case)
            name: 'Certificate.TBSCertificate.validity.notBefore (utc)',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.UTCTIME,
            constructed: false,
            optional: true,
            capture: {
              name: 'certValidity1UTCTime',
              format: 'date'
            }
          }, {
            // notBefore (Time) (generalized time case)
            name: 'Certificate.TBSCertificate.validity.notBefore (generalized)',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.GENERALIZEDTIME,
            constructed: false,
            optional: true,
            capture: {
              name: 'certValidity2GeneralizedTime',
              format: 'date'
            }
          }, {
            // notAfter (Time) (only UTC time is supported)
            name: 'Certificate.TBSCertificate.validity.notAfter (utc)',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.UTCTIME,
            constructed: false,
            optional: true,
            capture: {
              name: 'certValidity3UTCTime',
              format: 'date'
            }
          }, {
            // notAfter (Time) (only UTC time is supported)
            name: 'Certificate.TBSCertificate.validity.notAfter (generalized)',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.GENERALIZEDTIME,
            constructed: false,
            optional: true,
            capture: {
              name: 'certValidity4GeneralizedTime',
              format: 'date'
            }
          }]
        }, {
          // Name (subject) (RDNSequence)
          name: 'Certificate.TBSCertificate.subject',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          capture: {
            name: 'certSubject',
            format: 'asn1'
          }
        },
          // SubjectPublicKeyInfo
          publicKeyValidator,
        {
          // issuerUniqueID (optional)
          name: 'Certificate.TBSCertificate.issuerUniqueID',
          tagClass: asn1.Class.CONTEXT_SPECIFIC,
          type: 1,
          constructed: true,
          optional: true,
          value: [{
            name: 'Certificate.TBSCertificate.issuerUniqueID.id',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.BITSTRING,
            constructed: false,
            capture: {
              name: 'certIssuerUniqueId',
              format: 'buffer'
            }
          }]
        }, {
          // subjectUniqueID (optional)
          name: 'Certificate.TBSCertificate.subjectUniqueID',
          tagClass: asn1.Class.CONTEXT_SPECIFIC,
          type: 2,
          constructed: true,
          optional: true,
          value: [{
            name: 'Certificate.TBSCertificate.subjectUniqueID.id',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.BITSTRING,
            constructed: false,
            capture: {
              name: 'certSubjectUniqueId',
              format: 'buffer'
            }
          }]
        }, {
          // Extensions (optional)
          name: 'Certificate.TBSCertificate.extensions',
          tagClass: asn1.Class.CONTEXT_SPECIFIC,
          type: 3,
          constructed: true,
          capture: {
            name: 'certExtensions',
            format: 'asn1'
          },
          optional: true
        }]
      }, {
        // AlgorithmIdentifier (signature algorithm)
        name: 'Certificate.signatureAlgorithm',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        value: [{
          // algorithm
          name: 'Certificate.signatureAlgorithm.algorithm',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.OID,
          constructed: false,
          capture: 'certSignatureOid'
        }, {
          name: 'Certificate.TBSCertificate.signature.parameters',
          tagClass: asn1.Class.UNIVERSAL,
          optional: true,
          capture: {
            name: 'certSignatureParams',
            format: 'asn1'
          }
        }]
      }, {
        // SignatureValue
        name: 'Certificate.signatureValue',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.BITSTRING,
        constructed: false,
        capture: {
          name: 'certSignature',
          format: 'buffer'
        }
      }]
    };

    var rsassaPssParameterValidator = {
      name: 'rsapss',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      value: [{
        name: 'rsapss.hashAlgorithm',
        tagClass: asn1.Class.CONTEXT_SPECIFIC,
        type: 0,
        constructed: true,
        value: [{
          name: 'rsapss.hashAlgorithm.AlgorithmIdentifier',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Class.SEQUENCE,
          constructed: true,
          optional: true,
          value: [{
            name: 'rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.OID,
            constructed: false,
            capture: 'hashOid'
            /* parameter block omitted, for SHA1 NULL anyhow. */
          }]
        }]
      }, {
        name: 'rsapss.maskGenAlgorithm',
        tagClass: asn1.Class.CONTEXT_SPECIFIC,
        type: 1,
        constructed: true,
        value: [{
          name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Class.SEQUENCE,
          constructed: true,
          optional: true,
          value: [{
            name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.OID,
            constructed: false,
            capture: 'maskGenOid'
          }, {
            name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.SEQUENCE,
            constructed: true,
            value: [{
              name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm',
              tagClass: asn1.Class.UNIVERSAL,
              type: asn1.Type.OID,
              constructed: false,
              capture: 'maskGenHashOid'
              /* parameter block omitted, for SHA1 NULL anyhow. */
            }]
          }]
        }]
      }, {
        name: 'rsapss.saltLength',
        tagClass: asn1.Class.CONTEXT_SPECIFIC,
        type: 2,
        optional: true,
        value: [{
          name: 'rsapss.saltLength.saltLength',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Class.INTEGER,
          constructed: false,
          capture: {
            name: 'saltLength',
            format: 'number'
          }
        }]
      }, {
        name: 'rsapss.trailerField',
        tagClass: asn1.Class.CONTEXT_SPECIFIC,
        type: 3,
        optional: true,
        value: [{
          name: 'rsapss.trailer.trailer',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Class.INTEGER,
          constructed: false,
          capture: {
            name: 'trailer',
            format: 'number'
          }
        }]
      }]
    };

    // validator for a CertificationRequestInfo structure
    var certificationRequestInfoValidator = {
      name: 'CertificationRequestInfo',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      capture: {
        name: 'certificationRequestInfo',
        format: 'asn1'
      },
      value: [{
        name: 'CertificationRequestInfo.integer',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.INTEGER,
        constructed: false,
        capture: 'certificationRequestInfoVersion'
      }, {
        // Name (subject) (RDNSequence)
        name: 'CertificationRequestInfo.subject',
        tagClass: asn1.Class.UNIVERSAL,
        type: asn1.Type.SEQUENCE,
        constructed: true,
        capture: {
          name: 'certificationRequestInfoSubject',
          format: 'asn1'
        }
      },
        // SubjectPublicKeyInfo
        publicKeyValidator,
      {
        name: 'CertificationRequestInfo.attributes',
        tagClass: asn1.Class.CONTEXT_SPECIFIC,
        type: 0,
        constructed: true,
        optional: true,
        capture: 'certificationRequestInfoAttributes',
        value: [{
          name: 'CertificationRequestInfo.attributes',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          value: [{
            name: 'CertificationRequestInfo.attributes.type',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.OID,
            constructed: false
          }, {
            name: 'CertificationRequestInfo.attributes.value',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.SET,
            constructed: true
          }]
        }]
      }]
    };

    // validator for a CertificationRequest structure
    var certificationRequestValidator = {
      name: 'CertificationRequest',
      tagClass: asn1.Class.UNIVERSAL,
      type: asn1.Type.SEQUENCE,
      constructed: true,
      capture: {
        name: 'csr',
        format: 'asn1'
      },
      value: [
        certificationRequestInfoValidator, {
          // AlgorithmIdentifier (signature algorithm)
          name: 'CertificationRequest.signatureAlgorithm',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.SEQUENCE,
          constructed: true,
          value: [{
            // algorithm
            name: 'CertificationRequest.signatureAlgorithm.algorithm',
            tagClass: asn1.Class.UNIVERSAL,
            type: asn1.Type.OID,
            constructed: false,
            capture: 'csrSignatureOid'
          }, {
            name: 'CertificationRequest.signatureAlgorithm.parameters',
            tagClass: asn1.Class.UNIVERSAL,
            optional: true,
            capture: {
              name: 'csrSignatureParams',
              format: 'asn1'
            }
          }]
        }, {
          // signature
          name: 'CertificationRequest.signature',
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.BITSTRING,
          constructed: false,
          capture: {
            name: 'csrSignature',
            format: 'buffer'
          }
        }]
    };

    /*
     * Converts an RDNSequence of ASN.1 DER-encoded RelativeDistinguishedName
     * sets into an array with objects that have type and value properties.
     *
     * @param rdn the RDNSequence to convert.
     * @param md a message digest to append type and value to if provided.
     */
    pki.RDNAttributesAsArray = function (rdn, md) {
      var rval = [];

      // each value in 'rdn' in is a SET of RelativeDistinguishedName
      var set, attr, obj;
      for (var si = 0; si < rdn.value.length; ++si) {
        // get the RelativeDistinguishedName set
        set = rdn.value[si];

        // each value in the SET is an AttributeTypeAndValue sequence
        // containing first a type (an OID) and second a value (defined by
        // the OID)
        for (var i = 0; i < set.value.length; ++i) {
          obj = {};
          attr = set.value[i];
          obj.type = attr.value[0].value;
          obj.value = attr.value[1].value;
          obj.valueTagClass = attr.value[1].tagClass;
          obj.valueType = attr.value[1].type;
          // if the OID is known, get its name and short name
          if (obj.type in oids) {
            obj.name = oids[obj.type];
            if (obj.name in _shortNames) {
              obj.shortName = _shortNames[obj.name];
            }
          }
          if (md) {
            md.update(obj.type, 'utf8');
            md.update(asn1.nativeToDer(
              obj.value, obj.valueTagClass, obj.valueType));
          }
          rval.push(obj);
        }
      }

      return rval;
    };

    /*
     * Converts ASN.1 CRIAttributes into an array with objects that have type and
     * value properties.
     *
     * @param attributes the CRIAttributes to convert.
     */
    pki.CRIAttributesAsArray = function (attributes) {
      var rval = [];

      // each value in 'attributes' in is a SEQUENCE with an OID and a SET
      for (var si = 0; si < attributes.length; ++si) {
        // get the attribute sequence
        var seq = attributes[si];

        // each value in the SEQUENCE containing first a type (an OID) and
        // second a set of values (defined by the OID)
        var type = seq.value[0].value;
        var values = seq.value[1].value;
        for (var vi = 0; vi < values.length; ++vi) {
          var obj = {};
          obj.type = type;
          obj.value = values[vi].value;
          obj.valueTagClass = values[vi].tagClass;
          obj.valueType = values[vi].type;
          // if the OID is known, get its name and short name
          if (obj.type in oids) {
            obj.name = oids[obj.type];
            if (obj.name in _shortNames) {
              obj.shortName = _shortNames[obj.name];
            }
          }
          rval.push(obj);
        }
      }

      return rval;
    };

    /*
     * Gets an issuer or subject attribute from its name, type, or short name.
     *
     * @param obj the issuer or subject object.
     * @param options a short name string or an object with:
     *          shortName the short name for the attribute.
     *          name the name for the attribute.
     *          type the type for the attribute.
     *
     * @return the attribute.
     */
    function _getAttribute(obj, options) {
      if (typeof options === 'string') {
        options = { shortName: options };
      }

      var rval = null;
      var attr;
      for (var i = 0; rval === null && i < obj.attributes.length; ++i) {
        attr = obj.attributes[i];
        if (options.type && options.type === attr.type) {
          rval = attr;
        } else if (options.name && options.name === attr.name) {
          rval = attr;
        } else if (options.shortName && options.shortName === attr.shortName) {
          rval = attr;
        }
      }
      return rval;
    }

    /*
     * Converts an ASN.1 extensions object (with extension sequences as its
     * values) into an array of extension objects with types and values.
     *
     * Supported extensions:
     *
     * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
     * KeyUsage ::= BIT STRING {
     *   digitalSignature        (0),
     *   nonRepudiation          (1),
     *   keyEncipherment         (2),
     *   dataEncipherment        (3),
     *   keyAgreement            (4),
     *   keyCertSign             (5),
     *   cRLSign                 (6),
     *   encipherOnly            (7),
     *   decipherOnly            (8)
     * }
     *
     * id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
     * BasicConstraints ::= SEQUENCE {
     *   cA                      BOOLEAN DEFAULT FALSE,
     *   pathLenConstraint       INTEGER (0..MAX) OPTIONAL
     * }
     *
     * subjectAltName EXTENSION ::= {
     *   SYNTAX GeneralNames
     *   IDENTIFIED BY id-ce-subjectAltName
     * }
     *
     * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
     *
     * GeneralName ::= CHOICE {
     *   otherName      [0] INSTANCE OF OTHER-NAME,
     *   rfc822Name     [1] IA5String,
     *   dNSName        [2] IA5String,
     *   x400Address    [3] ORAddress,
     *   directoryName  [4] Name,
     *   ediPartyName   [5] EDIPartyName,
     *   uniformResourceIdentifier [6] IA5String,
     *   IPAddress      [7] OCTET STRING,
     *   registeredID   [8] OBJECT IDENTIFIER
     * }
     *
     * OTHER-NAME ::= TYPE-IDENTIFIER
     *
     * EDIPartyName ::= SEQUENCE {
     *   nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
     *   partyName    [1] DirectoryString {ub-name}
     * }
     *
     * @param exts the extensions ASN.1 with extension sequences to parse.
     *
     * @return the array.
     */
    var _parseExtensions = function (exts) {
      var rval = [];

      var e, ext, extseq;
      for (var i = 0; i < exts.value.length; ++i) {
        // get extension sequence
        extseq = exts.value[i];
        for (var ei = 0; ei < extseq.value.length; ++ei) {
          // an extension has:
          // [0] extnID      OBJECT IDENTIFIER
          // [1] critical    BOOLEAN DEFAULT FALSE
          // [2] extnValue   OCTET STRING
          ext = extseq.value[ei];
          e = {};
          e.id = ext.value[0].value;
          e.critical = false;
          if (ext.value[1].type === asn1.Type.BOOLEAN) {
            e.critical = asn1.derToBoolean(ext.value[1].value);
            e.value = ext.value[2].value.copy();
          } else {
            e.value = ext.value[1].value.copy();
          }
          // if the oid is known, get its name
          if (e.id in oids) {
            e.name = oids[e.id];

            // handle key usage
            if (e.name === 'keyUsage') {
              // get value as BIT STRING
              var ev = asn1.fromDer(e.value);
              var b2 = 0x00;
              var b3 = 0x00;
              if (ev.value.length() > 1) {
                // skip first byte, just indicates unused bits which
                // will be padded with 0s anyway
                // get bytes with flag bits
                b2 = ev.value.at(1);
                b3 = ev.value.length() > 2 ? ev.value.at(2) : 0;
              }
              // set flags
              e.digitalSignature = (b2 & 0x80) === 0x80;
              e.nonRepudiation = (b2 & 0x40) === 0x40;
              e.keyEncipherment = (b2 & 0x20) === 0x20;
              e.dataEncipherment = (b2 & 0x10) === 0x10;
              e.keyAgreement = (b2 & 0x08) === 0x08;
              e.keyCertSign = (b2 & 0x04) === 0x04;
              e.cRLSign = (b2 & 0x02) === 0x02;
              e.encipherOnly = (b2 & 0x01) === 0x01;
              e.decipherOnly = (b3 & 0x80) === 0x80;
            } else if (e.name === 'basicConstraints') {
              // handle basic constraints
              // get value as SEQUENCE
              var ev = asn1.fromDer(e.value);
              // get cA BOOLEAN flag (defaults to false)
              if (ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) {
                e.cA = asn1.derToBoolean(ev.value[0].value);
              } else {
                e.cA = false;
              }
              // get path length constraint
              var value = null;
              if (ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) {
                value = ev.value[0].value;
              } else if (ev.value.length > 1) {
                value = ev.value[1].value;
              }
              // if pathLenConstraint is set and not larger than 32-bits, use it
              if (value !== null && !(value instanceof ByteBuffer)) {
                e.pathLenConstraint = value;
              }
            } else if (e.name === 'extKeyUsage') {
              // handle extKeyUsage
              // value is a SEQUENCE of OIDs
              var ev = asn1.fromDer(e.value);
              for (var vi = 0; vi < ev.value.length; ++vi) {
                var oid = ev.value[vi].value;
                if (oid in oids) {
                  e[oids[oid]] = true;
                } else {
                  e[oid] = true;
                }
              }
            } else if (e.name === 'nsCertType') {
              // handle nsCertType
              // get value as BIT STRING
              var ev = asn1.fromDer(e.value);
              var b2 = 0x00;
              if (ev.value.length() > 1) {
                // skip first byte, just indicates unused bits which
                // will be padded with 0s anyway
                // get bytes with flag bits
                b2 = ev.value.at(1);
              }
              // set flags
              e.client = (b2 & 0x80) === 0x80;
              e.server = (b2 & 0x40) === 0x40;
              e.email = (b2 & 0x20) === 0x20;
              e.objsign = (b2 & 0x10) === 0x10;
              e.reserved = (b2 & 0x08) === 0x08;
              e.sslCA = (b2 & 0x04) === 0x04;
              e.emailCA = (b2 & 0x02) === 0x02;
              e.objCA = (b2 & 0x01) === 0x01;
            } else if (
              e.name === 'subjectAltName' ||
              e.name === 'issuerAltName') {
              // handle subjectAltName/issuerAltName
              e.altNames = [];

              // ev is a SYNTAX SEQUENCE
              var gn;
              var ev = asn1.fromDer(e.value);
              for (var n = 0; n < ev.value.length; ++n) {
                // get GeneralName
                gn = ev.value[n];

                var altName = {
                  type: gn.type
                };
                if (gn.value instanceof ByteBuffer) {
                  altName.value = gn.value.copy();
                } else {
                  // some currently unsupported types use ASN.1 encoding
                  // so convert back to DER
                  altName.value = asn1.toDer(gn);
                }
                e.altNames.push(altName);

                // Note: Support for types 1,2,6,7,8
                switch (gn.type) {
                  // rfc822Name
                  case 1:
                  // dNSName
                  case 2:
                  // uniformResourceIdentifier (URI)
                  case 6:
                    break;
                  // IPAddress
                  case 7:
                    // convert to IPv4/IPv6 string representation
                    altName.ip = forge.util.bytesToIP(gn.value.bytes());
                    break;
                  // registeredID
                  case 8:
                    altName.oid = gn.value.bytes();
                    break;
                  default:
                  // unsupported
                }
              }
            } else if (e.name === 'subjectKeyIdentifier') {
              // value is an OCTETSTRING w/the hash of the key-type specific
              // public key structure (eg: RSAPublicKey)
              var ev = asn1.fromDer(e.value);
              e.subjectKeyIdentifier = ev.value.toString('hex');
            }
          }
          rval.push(e);
        }
      }

      return rval;
    };

    /*
     * Converts signature parameters from ASN.1 structure.
     *
     * Currently only RSASSA-PSS supported.  The PKCS#1 v1.5 signature scheme had
     * no parameters.
     *
     * RSASSA-PSS-params  ::=  SEQUENCE  {
     *   hashAlgorithm      [0] HashAlgorithm DEFAULT
     *                             sha1Identifier,
     *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT
     *                             mgf1SHA1Identifier,
     *   saltLength         [2] INTEGER DEFAULT 20,
     *   trailerField       [3] INTEGER DEFAULT 1
     * }
     *
     * HashAlgorithm  ::=  AlgorithmIdentifier
     *
     * MaskGenAlgorithm  ::=  AlgorithmIdentifier
     *
     * AlgorithmIdentifer ::= SEQUENCE {
     *   algorithm OBJECT IDENTIFIER,
     *   parameters ANY DEFINED BY algorithm OPTIONAL
     * }
     *
     * @param oid The OID specifying the signature algorithm
     * @param obj The ASN.1 structure holding the parameters
     * @param fillDefaults Whether to use return default values where omitted
     * @return signature parameter object
     */
    var _readSignatureParameters = function (oid, obj, fillDefaults) {
      var params = {};

      if (oid !== oids['RSASSA-PSS']) {
        return params;
      }

      if (fillDefaults) {
        params = {
          hash: {
            algorithmOid: oids['sha1']
          },
          mgf: {
            algorithmOid: oids['mgf1'],
            hash: {
              algorithmOid: oids['sha1']
            }
          },
          saltLength: 20
        };
      }

      var capture = {};
      var errors = [];
      if (!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) {
        var error = new Error('Cannot read RSASSA-PSS parameter block.');
        error.errors = errors;
        throw error;
      }

      if (capture.hashOid !== undefined) {
        params.hash = params.hash || {};
        params.hash.algorithmOid = capture.hashOid;
      }

      if (capture.maskGenOid !== undefined) {
        params.mgf = params.mgf || {};
        params.mgf.algorithmOid = capture.maskGenOid;
        params.mgf.hash = params.mgf.hash || {};
        params.mgf.hash.algorithmOid = capture.maskGenHashOid;
      }

      if (capture.saltLength !== undefined) {
        params.saltLength = capture.saltLength;
      }

      return params;
    };

    /*
     * Converts an X.509 certificate from PEM format.
     *
     * Note: If the certificate is to be verified then compute hash should
     * be set to true. This will scan the TBSCertificate part of the ASN.1
     * object while it is converted so it doesn't need to be converted back
     * to ASN.1-DER-encoding later.
     *
     * @param pem the PEM-formatted certificate.
     * @param computeHash true to compute the hash for verification.
     * @param strict true to be strict when checking ASN.1 value lengths, false to
     *          allow truncated values (default: true).
     *
     * @return the certificate.
     */
    pki.certificateFromPem = function (pem, computeHash, strict) {
      // convert DER to ASN.1 object
      var obj = asn1.fromDer(new ByteBuffer(pem, 'base64'), strict);

      return pki.certificateFromAsn1(obj, computeHash);
    };

    /*
     * Converts an RSA public key from PEM format.
     *
     * @param pem the PEM-formatted public key.
     *
     * @return the public key.
     */
    pki.publicKeyFromPem = function (pem) {
      var msg = forge.pem.decode(pem)[0];

      if (msg.type !== 'PUBLIC KEY' && msg.type !== 'RSA PUBLIC KEY') {
        var error = new Error('Could not convert public key from PEM; PEM header ' +
          'type is not "PUBLIC KEY" or "RSA PUBLIC KEY".');
        error.headerType = msg.type;
        throw error;
      }
      if (msg.procType && msg.procType.type === 'ENCRYPTED') {
        throw new Error('Could not convert public key from PEM; PEM is encrypted.');
      }

      // convert DER to ASN.1 object
      var obj = asn1.fromDer(msg.body);

      return pki.publicKeyFromAsn1(obj);
    };

    /*
     * Converts an RSA public key to PEM format (using a SubjectPublicKeyInfo).
     *
     * @param key the public key.
     * @param maxline the maximum characters per line, defaults to 64.
     *
     * @return the PEM-formatted public key.
     */
    pki.publicKeyToPem = function (key, maxline) {
      // convert to ASN.1, then DER, then PEM-encode
      var msg = {
        type: 'PUBLIC KEY',
        body: asn1.toDer(pki.publicKeyToAsn1(key))
      };
      return forge.pem.encode(msg, { maxline: maxline });
    };

    /**
     * Converts an RSA public key to PEM format (using an RSAPublicKey).
     *
     * @param key the public key.
     * @param maxline the maximum characters per line, defaults to 64.
     *
     * @return the PEM-formatted public key.
     */
    pki.publicKeyToRSAPublicKeyPem = function (key, maxline) {
      // convert to ASN.1, then DER, then PEM-encode
      var msg = {
        type: 'RSA PUBLIC KEY',
        body: asn1.toDer(pki.publicKeyToRSAPublicKey(key))
      };
      return forge.pem.encode(msg, { maxline: maxline });
    };

    /*
     * Gets a fingerprint for the given public key.
     *
     * @param options the options to use.
     *          [md] the message digest object to use (defaults to forge.md.sha1).
     *          [type] the type of fingerprint, such as 'RSAPublicKey',
     *            'SubjectPublicKeyInfo' (defaults to 'RSAPublicKey').
     *          [encoding] an alternative output encoding, such as 'hex'
     *            (defaults to none, outputs a ByteBuffer).
     *          [delimiter] the delimiter to use between bytes for 'hex' encoded
     *            output, eg: ':' (defaults to none).
     *
     * @return the fingerprint as a ByteBuffer or other encoding based on options.
     */
    pki.getPublicKeyFingerprint = function (key, options) {
      options = options || {};
      var md = options.md || forge.md.sha1.create();
      var type = options.type || 'RSAPublicKey';

      var bytes;
      switch (type) {
        case 'RSAPublicKey':
          bytes = asn1.toDer(pki.publicKeyToRSAPublicKey(key));
          break;
        case 'SubjectPublicKeyInfo':
          bytes = asn1.toDer(pki.publicKeyToAsn1(key));
          break;
        default:
          throw new Error('Unknown fingerprint type "' + options.type + '".');
      }

      // hash public key bytes
      md.start();
      md.update(bytes);
      var digest = md.digest();
      if (options.encoding === 'hex') {
        var hex = digest.toHex();
        if (options.delimiter) {
          return hex.match(/.{2}/g).join(options.delimiter);
        }
        return hex;
      } else if (options.encoding === 'binary') {
        return digest.getBytes();
      } else if (options.encoding) {
        throw new Error('Unknown encoding "' + options.encoding + '".');
      }
      return digest;
    };

    /*
     * Creates an empty X.509v3 RSA certificate.
     *
     * @return the certificate.
     */
    pki.createCertificate = function () {
      var cert = {};
      cert.version = 0x02;
      cert.serialNumber = '00';
      cert.signatureOid = null;
      cert.signature = null;
      cert.siginfo = {};
      cert.siginfo.algorithmOid = null;
      cert.validity = {};
      cert.validity.notBefore = new Date();
      cert.validity.notAfter = new Date();

      cert.issuer = {};
      cert.issuer.getField = function (sn) {
        return _getAttribute(cert.issuer, sn);
      };
      cert.issuer.addField = function (attr) {
        _fillMissingFields([attr]);
        cert.issuer.attributes.push(attr);
      };
      cert.issuer.attributes = [];
      cert.issuer.hash = null;

      cert.subject = {};
      cert.subject.getField = function (sn) {
        return _getAttribute(cert.subject, sn);
      };
      cert.subject.addField = function (attr) {
        _fillMissingFields([attr]);
        cert.subject.attributes.push(attr);
      };
      cert.subject.attributes = [];
      cert.subject.hash = null;

      cert.extensions = [];
      cert.publicKey = null;
      cert.md = null;

      /*
       * Sets the subject of this certificate.
       *
       * @param attrs the array of subject attributes to use.
       * @param uniqueId an optional a unique ID to use.
       */
      cert.setSubject = function (attrs, uniqueId) {
        // set new attributes, clear hash
        _fillMissingFields(attrs);
        cert.subject.attributes = attrs;
        delete cert.subject.uniqueId;
        if (uniqueId) {
          cert.subject.uniqueId = uniqueId;
        }
        cert.subject.hash = null;
      };

      /*
       * Sets the issuer of this certificate.
       *
       * @param attrs the array of issuer attributes to use.
       * @param uniqueId an optional a unique ID to use.
       */
      cert.setIssuer = function (attrs, uniqueId) {
        // set new attributes, clear hash
        _fillMissingFields(attrs);
        cert.issuer.attributes = attrs;
        delete cert.issuer.uniqueId;
        if (uniqueId) {
          cert.issuer.uniqueId = uniqueId;
        }
        cert.issuer.hash = null;
      };

      /*
       * Sets the extensions of this certificate.
       *
       * @param exts the array of extensions to use.
       */
      cert.setExtensions = function (exts) {
        var e;
        for (var i = 0; i < exts.length; ++i) {
          e = exts[i];

          // populate missing name
          if (typeof (e.name) === 'undefined') {
            if (e.id && e.id in pki.oids) {
              e.name = pki.oids[e.id];
            }
          }

          // populate missing id
          if (typeof (e.id) === 'undefined') {
            if (e.name && e.name in pki.oids) {
              e.id = pki.oids[e.name];
            } else {
              var error = new Error('Extension ID not specified.');
              error.extension = e;
              throw error;
            }
          }

          // handle missing value
          if (typeof (e.value) === 'undefined') {
            // value is a BIT STRING
            if (e.name === 'keyUsage') {
              // build flags
              var unused = 0;
              var b2 = 0x00;
              var b3 = 0x00;
              if (e.digitalSignature) {
                b2 |= 0x80;
                unused = 7;
              }
              if (e.nonRepudiation) {
                b2 |= 0x40;
                unused = 6;
              }
              if (e.keyEncipherment) {
                b2 |= 0x20;
                unused = 5;
              }
              if (e.dataEncipherment) {
                b2 |= 0x10;
                unused = 4;
              }
              if (e.keyAgreement) {
                b2 |= 0x08;
                unused = 3;
              }
              if (e.keyCertSign) {
                b2 |= 0x04;
                unused = 2;
              }
              if (e.cRLSign) {
                b2 |= 0x02;
                unused = 1;
              }
              if (e.encipherOnly) {
                b2 |= 0x01;
                unused = 0;
              }
              if (e.decipherOnly) {
                b3 |= 0x80;
                unused = 7;
              }

              // create bit string
              var value = new ByteBuffer().putByte(unused);
              if (b3 !== 0) {
                value.putByte(b2).putByte(b3);
              } else if (b2 !== 0) {
                value.putByte(b2);
              }
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);
            } else if (e.name === 'basicConstraints') {
              // basicConstraints is a SEQUENCE
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
              // cA BOOLEAN flag defaults to false
              if (e.cA) {
                e.value.value.push(asn1.create(
                  asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false, true));
              }
              if ('pathLenConstraint' in e) {
                e.value.value.push(asn1.create(
                  asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
                  e.pathLenConstraint));
              }
            } else if (e.name === 'extKeyUsage') {
              // extKeyUsage is a SEQUENCE of OIDs
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
              var seq = e.value.value;
              for (var key in e) {
                if (e[key] !== true) {
                  continue;
                }
                // key is name in OID map
                if (key in oids) {
                  seq.push(asn1.create(
                    asn1.Class.UNIVERSAL, asn1.Type.OID, false, oids[key]));
                } else if (key.indexOf('.') !== -1) {
                  // assume key is an OID
                  seq.push(asn1.create(
                    asn1.Class.UNIVERSAL, asn1.Type.OID, false, key));
                }
              }
            } else if (e.name === 'nsCertType') {
              // nsCertType is a BIT STRING
              // build flags
              var unused = 0;
              var b2 = 0x00;

              if (e.client) {
                b2 |= 0x80;
                unused = 7;
              }
              if (e.server) {
                b2 |= 0x40;
                unused = 6;
              }
              if (e.email) {
                b2 |= 0x20;
                unused = 5;
              }
              if (e.objsign) {
                b2 |= 0x10;
                unused = 4;
              }
              if (e.reserved) {
                b2 |= 0x08;
                unused = 3;
              }
              if (e.sslCA) {
                b2 |= 0x04;
                unused = 2;
              }
              if (e.emailCA) {
                b2 |= 0x02;
                unused = 1;
              }
              if (e.objCA) {
                b2 |= 0x01;
                unused = 0;
              }

              // create bit string
              var value = new ByteBuffer(unused);
              if (b2 !== 0) {
                value.putByte(b2);
              }
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);
            } else if (e.name === 'subjectAltName' || e.name === 'issuerAltName') {
              // SYNTAX SEQUENCE
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);

              var altName;
              for (var n = 0; n < e.altNames.length; ++n) {
                altName = e.altNames[n];
                var value = altName.value;
                // handle IP
                if (altName.type === 7 && altName.ip) {
                  value = forge.util.bytesFromIP(altName.ip);
                  if (value === null) {
                    var error = new Error(
                      'Extension "ip" value is not a valid IPv4 or IPv6 address.');
                    error.extension = e;
                    throw error;
                  }
                } else if (altName.type === 8) {
                  // handle OID
                  if (altName.oid) {
                    value = asn1.oidToDer(altName.oid);
                  } else {
                    // deprecated; assume value is OID (backwards-compatibility)
                    value = asn1.oidToDer(value);
                  }
                }
                if (typeof value === 'string') {
                  value = new ByteBuffer(value, 'binary');
                }
                e.value.value.push(asn1.create(
                  asn1.Class.CONTEXT_SPECIFIC, altName.type, false, value));
              }
            } else if (e.name === 'subjectKeyIdentifier') {
              var ski = cert.generateSubjectKeyIdentifier();
              e.subjectKeyIdentifier = ski.toHex();
              // OCTETSTRING w/digest
              e.value = asn1.create(
                asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ski);
            }

            // ensure value has been defined by now
            if (typeof (e.value) === 'undefined') {
              var error = new Error('Extension value not specified.');
              error.extension = e;
              throw error;
            }
          }
        }

        // set new extensions
        cert.extensions = exts;
      };

      /*
       * Gets an extension by its name or id.
       *
       * @param options the name to use or an object with:
       *          name the name to use.
       *          id the id to use.
       *
       * @return the extension or null if not found.
       */
      cert.getExtension = function (options) {
        if (typeof options === 'string') {
          options = { name: options };
        }

        var rval = null;
        var ext;
        for (var i = 0; rval === null && i < cert.extensions.length; ++i) {
          ext = cert.extensions[i];
          if (options.id && ext.id === options.id) {
            rval = ext;
          } else if (options.name && ext.name === options.name) {
            rval = ext;
          }
        }
        return rval;
      };

      /*
       * Attempts verify the signature on the passed certificate using this
       * certificate's public key.
       *
       * @param child the certificate to verify.
       *
       * @return true if verified, false if not.
       */
      cert.verify = function (child) {
        var rval = false;

        if (!cert.issued(child)) {
          var issuer = child.issuer;
          var subject = cert.subject;
          var error = new Error('The parent certificate did not issue the given child ' +
            'certificate; the child certificate\'s issuer does not match the ' +
            'parent\'s subject.');
          error.expectedIssuer = issuer.attributes;
          error.actualIssuer = subject.attributes;
          throw error;
        }

        var md = child.md;
        if (md === null) {
          // check signature OID for supported signature types
          if (child.signatureOid in oids) {
            var oid = oids[child.signatureOid];
            switch (oid) {
              case 'sha1WithRSAEncryption':
                md = forge.md.sha1.create();
                break;
              case 'md5WithRSAEncryption':
                md = forge.md.md5.create();
                break;
              case 'sha256WithRSAEncryption':
                md = forge.md.sha256.create();
                break;
              case 'RSASSA-PSS':
                md = forge.md.sha256.create();
                break;
            }
          }
          if (md === null) {
            var error = new Error('Could not compute certificate digest. ' +
              'Unknown signature OID.');
            error.signatureOid = child.signatureOid;
            throw error;
          }

          // produce DER formatted TBSCertificate and digest it
          var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child);
          md.update(asn1.toDer(tbsCertificate));
        }

        if (md !== null) {
          var scheme;

          switch (child.signatureOid) {
            case oids.md5WithRSAEncryption:
            case oids.sha1WithRSAEncryption:
            case oids.sha256WithRSAEncryption:
            case oids.sha384WithRSAEncryption:
            case oids.sha512WithRSAEncryption:
            case oids.sha224WithRSAEncryption:
              scheme = 'RSASSA-PKCS1-V1_5';
              break;
            case oids['RSASSA-PSS']:
              var hash, mgf;

              /* initialize mgf */
              hash = oids[child.signatureParameters.mgf.hash.algorithmOid];
              if (hash === undefined || forge.md[hash] === undefined) {
                var error = new Error('Unsupported MGF hash function.');
                error.oid = child.signatureParameters.mgf.hash.algorithmOid;
                error.name = hash;
                throw error;
              }

              mgf = oids[child.signatureParameters.mgf.algorithmOid];
              if (mgf === undefined || forge.mgf[mgf] === undefined) {
                var error = new Error('Unsupported MGF function.');
                error.oid = child.signatureParameters.mgf.algorithmOid;
                error.name = mgf;
                throw error;
              }

              mgf = forge.mgf[mgf].create(forge.md[hash].create());

              /* initialize hash function */
              hash = oids[child.signatureParameters.hash.algorithmOid];
              if (hash === undefined || forge.md[hash] === undefined) {
                throw {
                  message: 'Unsupported RSASSA-PSS hash function.',
                  oid: child.signatureParameters.hash.algorithmOid,
                  name: hash
                };
              }

              scheme = forge.pss.create(
                forge.md[hash].create(), mgf,
                child.signatureParameters.saltLength);
              break;
            default:
              throw new Error(
                'Unsupported signature algorithm: ' + child.signatureOid);
          }

          // verify signature on cert using public key
          rval = cert.publicKey.verify(md.digest(), child.signature.copy(), scheme);
        }

        return rval;
      };

      /*
       * Returns true if this certificate's issuer matches the passed
       * certificate's subject. Note that no signature check is performed.
       *
       * @param parent the certificate to check.
       *
       * @return true if this certificate's issuer matches the passed certificate's
       *         subject.
       */
      cert.isIssuer = function (parent) {
        var rval = false;

        var i = cert.issuer;
        var s = parent.subject;

        // compare hashes if present
        if (i.hash && s.hash) {
          rval = (i.hash === s.hash);
        } else if (i.attributes.length === s.attributes.length) {
          // all attributes are the same so issuer matches subject
          rval = true;
          var iattr, sattr;
          for (var n = 0; rval && n < i.attributes.length; ++n) {
            iattr = i.attributes[n];
            sattr = s.attributes[n];
            if (iattr.type !== sattr.type || iattr.value !== sattr.value) {
              // attribute mismatch
              rval = false;
            }
          }
        }

        return rval;
      };

      /*
       * Returns true if this certificate's subject matches the issuer of the
       * given certificate). Note that not signature check is performed.
       *
       * @param child the certificate to check.
       *
       * @return true if this certificate's subject matches the passed
       *         certificate's issuer.
       */
      cert.issued = function (child) {
        return child.isIssuer(cert);
      };

      /**
       * Generates the subjectKeyIdentifier for this certificate as byte buffer.
       *
       * @return the subjectKeyIdentifier for this certificate as byte buffer.
       */
      cert.generateSubjectKeyIdentifier = function () {
        /* See: 4.2.1.2 section of the the RFC3280, keyIdentifier is either:
    
          (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
            value of the BIT STRING subjectPublicKey (excluding the tag,
            length, and number of unused bits).
    
          (2) The keyIdentifier is composed of a four bit type field with
            the value 0100 followed by the least significant 60 bits of the
            SHA-1 hash of the value of the BIT STRING subjectPublicKey
            (excluding the tag, length, and number of unused bit string bits).
        */

        // skipping the tag, length, and number of unused bits is the same
        // as just using the RSAPublicKey (for RSA keys, which are the
        // only ones supported)
        return pki.getPublicKeyFingerprint(cert.publicKey, { type: 'RSAPublicKey' });
      };

      /*
       * Verifies the subjectKeyIdentifier extension value for this certificate
       * against its public key. If no extension is found, false will be
       * returned.
       *
       * @return true if verified, false if not.
       */
      cert.verifySubjectKeyIdentifier = function () {
        var oid = oids['subjectKeyIdentifier'];
        for (var i = 0; i < cert.extensions.length; ++i) {
          var ext = cert.extensions[i];
          if (ext.id === oid) {
            var ski = cert.generateSubjectKeyIdentifier().getBytes();
            return (forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski);
          }
        }
        return false;
      };

      return cert;
    };

    /*
     * Converts an X.509v3 RSA certificate from an ASN.1 object.
     *
     * Note: If the certificate is to be verified then compute hash should
     * be set to true. There is currently no implementation for converting
     * a certificate back to ASN.1 so the TBSCertificate part of the ASN.1
     * object needs to be scanned before the cert object is created.
     *
     * @param obj the asn1 representation of an X.509v3 RSA certificate.
     * @param computeHash true to compute the hash for verification.
     *
     * @return the certificate.
     */
    pki.certificateFromAsn1 = function (obj, computeHash) {
      // validate certificate and capture data
      var capture = {};
      var errors = [];
      if (!asn1.validate(obj, x509CertificateValidator, capture, errors)) {
        var error = new Error('Cannot read X.509 certificate. ' +
          'ASN.1 object is not an X509v3 Certificate.');
        error.errors = errors;
        throw error;
      }

      // check oid
      if (capture.publicKeyOid !== pki.oids.rsaEncryption) {
        throw new Error('Cannot read public key. OID is not RSA.');
      }

      // create certificate
      var cert = pki.createCertificate();
      cert.version = capture.certVersion || 0;
      cert.serialNumber = capture.certSerialNumber;
      cert.signatureOid = capture.certSignatureOid;
      cert.signatureParameters = _readSignatureParameters(
        cert.signatureOid, capture.certSignatureParams, true);
      cert.siginfo.algorithmOid = capture.certinfoSignatureOid;
      cert.siginfo.parameters = _readSignatureParameters(
        cert.siginfo.algorithmOid, capture.certinfoSignatureParams, false);
      // skip "unused bits" in signature value BITSTRING
      var signature = capture.certSignature;
      ++signature.read;
      cert.signature = signature.copy();

      var validity = [];
      if (capture.certValidity1UTCTime !== undefined) {
        validity.push(capture.certValidity1UTCTime);
      }
      if (capture.certValidity2GeneralizedTime !== undefined) {
        validity.push(capture.certValidity2GeneralizedTime);
      }
      if (capture.certValidity3UTCTime !== undefined) {
        validity.push(capture.certValidity3UTCTime);
      }
      if (capture.certValidity4GeneralizedTime !== undefined) {
        validity.push(capture.certValidity4GeneralizedTime);
      }
      if (validity.length > 2) {
        throw new Error('Cannot read notBefore/notAfter validity times; more ' +
          'than two times were provided in the certificate.');
      }
      if (validity.length < 2) {
        throw new Error('Cannot read notBefore/notAfter validity times; they ' +
          'were not provided as either UTCTime or GeneralizedTime.');
      }
      cert.validity.notBefore = validity[0];
      cert.validity.notAfter = validity[1];

      // keep TBSCertificate to preserve signature when exporting
      cert.tbsCertificate = capture.tbsCertificate;

      if (computeHash) {
        // check signature OID for supported signature types
        cert.md = null;
        if (cert.signatureOid in oids) {
          var oid = oids[cert.signatureOid];
          switch (oid) {
            case 'sha1WithRSAEncryption':
              cert.md = forge.md.sha1.create();
              break;
            case 'md5WithRSAEncryption':
              cert.md = forge.md.md5.create();
              break;
            case 'sha256WithRSAEncryption':
              cert.md = forge.md.sha256.create();
              break;
            case 'RSASSA-PSS':
              cert.md = forge.md.sha256.create();
              break;
          }
        }
        if (cert.md === null) {
          var error = new Error('Could not compute certificate digest. ' +
            'Unknown signature OID.');
          error.signatureOid = cert.signatureOid;
          throw error;
        }

        // produce DER formatted TBSCertificate and digest it
        cert.md.update(asn1.toDer(cert.tbsCertificate));
      }

      // handle issuer, build issuer message digest
      var imd = forge.md.sha1.create();
      cert.issuer.getField = function (sn) {
        return _getAttribute(cert.issuer, sn);
      };
      cert.issuer.addField = function (attr) {
        _fillMissingFields([attr]);
        cert.issuer.attributes.push(attr);
      };
      cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer, imd);
      if (capture.certIssuerUniqueId) {
        cert.issuer.uniqueId = capture.certIssuerUniqueId;
      }
      cert.issuer.hash = imd.digest().toHex();

      // handle subject, build subject message digest
      var smd = forge.md.sha1.create();
      cert.subject.getField = function (sn) {
        return _getAttribute(cert.subject, sn);
      };
      cert.subject.addField = function (attr) {
        _fillMissingFields([attr]);
        cert.subject.attributes.push(attr);
      };
      cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject, smd);
      if (capture.certSubjectUniqueId) {
        cert.subject.uniqueId = capture.certSubjectUniqueId;
      }
      cert.subject.hash = smd.digest().toHex();

      // handle extensions
      if (capture.certExtensions) {
        cert.extensions = _parseExtensions(capture.certExtensions);
      } else {
        cert.extensions = [];
      }

      // convert RSA public key from ASN.1
      cert.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);

      return cert;
    };

    /*
     * Converts an X.509 subject or issuer to an ASN.1 RDNSequence.
     *
     * @param obj the subject or issuer (distinguished name).
     *
     * @return the ASN.1 RDNSequence.
     */
    function _dnToAsn1(obj) {
      // create an empty RDNSequence
      var rval = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);

      // iterate over attributes
      var attr, set;
      var attrs = obj.attributes;
      for (var i = 0; i < attrs.length; ++i) {
        attr = attrs[i];
        var value = attr.value;

        // TODO: change attr.value to attr.asn1 to avoid this issue
        // reuse value tag class and type for attribute value if available
        var valueTagClass = asn1.Class.UNIVERSAL;
        if ('valueTagClass' in attr) {
          valueTagClass = attr.valueTagClass;
        }
        var valueType = asn1.Type.PRINTABLESTRING;
        if ('valueType' in attr) {
          valueType = attr.valueType;
        }

        // create a RelativeDistinguishedName set
        // each value in the set is an AttributeTypeAndValue first
        // containing the type (an OID) and second the value
        set = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
            // AttributeType
            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, attr.type),
            // AttributeValue
            asn1.create(valueTagClass, valueType, false, value)
          ])
        ]);
        rval.value.push(set);
      }

      return rval;
    }

    /*
     * Converts X.509v3 certificate extensions to ASN.1.
     *
     * @param exts the extensions to convert.
     *
     * @return the extensions in ASN.1 format.
     */
    function _extensionsToAsn1(exts) {
      // create top-level extension container
      var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []);

      // create extension sequence (stores a sequence for each extension)
      var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
      rval.value.push(seq);

      var ext, extseq;
      for (var i = 0; i < exts.length; ++i) {
        ext = exts[i];

        // create a sequence for each extension
        extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
        seq.value.push(extseq);

        // extnID (OID)
        extseq.value.push(asn1.create(
          asn1.Class.UNIVERSAL, asn1.Type.OID, false, ext.id));

        // critical defaults to false
        if (ext.critical) {
          // critical BOOLEAN DEFAULT FALSE
          extseq.value.push(asn1.create(
            asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false, true));
        }

        var value = ext.value;
        if (value instanceof ByteBuffer) {
          value = value.copy();
        } else {
          // value is asn.1
          value = asn1.toDer(value);
        }

        // extnValue (OCTET STRING)
        extseq.value.push(asn1.create(
          asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, value));
      }

      return rval;
    }

    /*
     * Fills in missing fields in attributes.
     *
     * @param attrs the attributes to fill missing fields in.
     */
    function _fillMissingFields(attrs) {
      var attr;
      for (var i = 0; i < attrs.length; ++i) {
        attr = attrs[i];

        // populate missing name
        if (typeof (attr.name) === 'undefined') {
          if (attr.type && attr.type in pki.oids) {
            attr.name = pki.oids[attr.type];
          } else if (attr.shortName && attr.shortName in _shortNames) {
            attr.name = pki.oids[_shortNames[attr.shortName]];
          }
        }

        // populate missing type (OID)
        if (typeof (attr.type) === 'undefined') {
          if (attr.name && attr.name in pki.oids) {
            attr.type = pki.oids[attr.name];
          } else {
            var error = new Error('Attribute type not specified.');
            error.attribute = attr;
            throw error;
          }
        }

        // populate missing shortname
        if (typeof (attr.shortName) === 'undefined') {
          if (attr.name && attr.name in _shortNames) {
            attr.shortName = _shortNames[attr.name];
          }
        }

        if (typeof (attr.value) === 'undefined') {
          var error = new Error('Attribute value not specified.');
          error.attribute = attr;
          throw error;
        }
      }
    }

    /*
     * Convert signature parameters object to ASN.1
     *
     * @param {String} oid Signature algorithm OID
     * @param params The signature parametrs object
     * @return ASN.1 object representing signature parameters
     */
    function _signatureParametersToAsn1(oid, params) {
      switch (oid) {
        case oids['RSASSA-PSS']:
          var parts = [];

          if (params.hash.algorithmOid !== undefined) {
            parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
                  params.hash.algorithmOid),
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null)
              ])
            ]));
          }

          if (params.mgf.algorithmOid !== undefined) {
            parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [
              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
                  params.mgf.algorithmOid),
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
                  asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
                    params.mgf.hash.algorithmOid),
                  asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null)
                ])
              ])
            ]));
          }

          if (params.saltLength !== undefined) {
            parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [
              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
                params.saltLength)
            ]));
          }

          return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts);

        default:
          return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null);
      }
    }

    /**
     * Converts a certification request's attributes to an ASN.1 set of
     * CRIAttributes.
     *
     * @param csr certification request.
     *
     * @return the ASN.1 set of CRIAttributes.
     */
    function _CRIAttributesToAsn1(csr) {
      // create an empty context-specific container
      var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []);

      // no attributes, return empty container
      if (csr.attributes.length === 0) {
        return rval;
      }

      // each attribute has a sequence with a type and a set of values
      var attrs = csr.attributes;
      for (var i = 0; i < attrs.length; ++i) {
        var attr = attrs[i];
        var value = attr.value;

        // reuse value tag class and type for attribute value if available
        var valueTagClass = asn1.Class.UNIVERSAL;
        if ('valueTagClass' in attr) {
          valueTagClass = attr.valueTagClass;
        }
        var valueType = asn1.Type.UTF8;
        if ('valueType' in attr) {
          valueType = attr.valueType;
        }

        // create a RelativeDistinguishedName set
        // each value in the set is an AttributeTypeAndValue first
        // containing the type (an OID) and second the value
        var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // AttributeType
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, attr.type),
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
            // AttributeValue
            asn1.create(valueTagClass, valueType, false, value)
          ])
        ]);
        rval.value.push(seq);
      }

      return rval;
    }

    /*
     * Gets the ASN.1 TBSCertificate part of an X.509v3 certificate.
     *
     * @param cert the certificate.
     *
     * @return the asn1 TBSCertificate.
     */
    pki.getTBSCertificate = function (cert) {
      // TBSCertificate
      var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
        // version
        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
          // integer
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, cert.version)
        ]),
        // serialNumber
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
          new ByteBuffer(cert.serialNumber, 'hex')),
        // signature
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // algorithm
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
            cert.siginfo.algorithmOid),
          // parameters
          _signatureParametersToAsn1(
            cert.siginfo.algorithmOid, cert.siginfo.parameters)
        ]),
        // issuer
        _dnToAsn1(cert.issuer),
        // validity
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // notBefore
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
            cert.validity.notBefore),
          // notAfter
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
            cert.validity.notAfter)
        ]),
        // subject
        _dnToAsn1(cert.subject),
        // SubjectPublicKeyInfo
        pki.publicKeyToAsn1(cert.publicKey)
      ]);

      if (cert.issuer.uniqueId) {
        // issuerUniqueID (optional)
        tbs.value.push(
          asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [
            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
              new ByteBuffer().putByte(0x00).putBytes(cert.issuer.uniqueId)
            )
          ])
        );
      }
      if (cert.subject.uniqueId) {
        // subjectUniqueID (optional)
        tbs.value.push(
          asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [
            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
              new ByteBuffer().putByte(0x00).putBytes(cert.subject.uniqueId)
            )
          ])
        );
      }

      if (cert.extensions.length > 0) {
        // extensions (optional)
        tbs.value.push(_extensionsToAsn1(cert.extensions));
      }

      return tbs;
    };

    /*
     * Converts a DistinguishedName (subject or issuer) to an ASN.1 object.
     *
     * @param dn the DistinguishedName.
     *
     * @return the asn1 representation of a DistinguishedName.
     */
    pki.distinguishedNameToAsn1 = function (dn) {
      return _dnToAsn1(dn);
    };

    /*
     * Converts an X.509v3 RSA certificate to an ASN.1 object.
     *
     * @param cert the certificate.
     *
     * @return the asn1 representation of an X.509v3 RSA certificate.
     */
    pki.certificateToAsn1 = function (cert) {
      // prefer cached TBSCertificate over generating one
      var tbsCertificate = cert.tbsCertificate || pki.getTBSCertificate(cert);

      // Certificate
      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
        // TBSCertificate
        tbsCertificate,
        // AlgorithmIdentifier (signature algorithm)
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // algorithm
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
            cert.signatureOid),
          // parameters
          _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters)
        ]),
        // SignatureValue
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
          new ByteBuffer().putByte(0x00).putBytes(cert.signature.bytes()))
      ]);
    };

    /*
     * Certificate verification errors, based on TLS.
     */
    pki.certificateError = {
      bad_certificate: 'forge.pki.BadCertificate',
      unsupported_certificate: 'forge.pki.UnsupportedCertificate',
      certificate_revoked: 'forge.pki.CertificateRevoked',
      certificate_expired: 'forge.pki.CertificateExpired',
      certificate_unknown: 'forge.pki.CertificateUnknown',
      unknown_ca: 'forge.pki.UnknownCertificateAuthority'
    };
  } // end module implementation

  return initModule(forge);
})();

/*
 * A javascript implementation of a cryptographically-secure
 * Pseudo Random Number Generator (PRNG). The Fortuna algorithm is followed
 * here though the use of SHA-256 is not enforced; when generating an
 * a PRNG context, the hashing algorithm and block cipher used for
 * the generator are specified via a plugin.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    var _crypto = null;

    /* PRNG API */
    var prng = forge.prng = forge.prng || {};

    /*
     * Creates a new PRNG context.
     *
     * A PRNG plugin must be passed in that will provide:
     *
     * 1. A function that initializes the key and seed of a PRNG context. It
     *   will be given a 16 byte key and a 16 byte seed. Any key expansion
     *   or transformation of the seed from a byte string into an array of
     *   integers (or similar) should be performed.
     * 2. The cryptographic function used by the generator. It takes a key and
     *   a seed.
     * 3. A seed increment function. It takes the seed and returns seed + 1.
     * 4. An api to create a message digest.
     *
     * For an example, see random.js.
     *
     * @param plugin the PRNG plugin to use.
     */
    prng.create = function (plugin) {
      var ctx = {
        plugin: plugin,
        key: null,
        seed: null,
        time: null,
        // number of reseeds so far
        reseeds: 0,
        // amount of data generated so far
        generated: 0
      };

      // create 32 entropy pools (each is a message digest)
      var md = plugin.md;
      var pools = new Array(32);
      for (var i = 0; i < 32; ++i) {
        pools[i] = md.create();
      }
      ctx.pools = pools;

      // entropy pools are written to cyclically, starting at index 0
      ctx.pool = 0;

      /*
       * Generates random bytes. The bytes may be generated synchronously or
       * asynchronously. Web workers must use the asynchronous interface or
       * else the behavior is undefined.
       *
       * @param count the number of random bytes to generate.
       * @param [callback(err, bytes)] called once the operation completes.
       *
       * @return count random bytes as a string.
       */
      ctx.generate = function (count, callback) {
        return ctx.generateSync(count);
      };

      /*
       * Generates random bytes synchronously.
       *
       * @param count the number of random bytes to generate.
       *
       * @return count random bytes as a string.
       */
      ctx.generateSync = function (count) {
        // simple generator using counter-based CBC
        var cipher = ctx.plugin.cipher;
        var increment = ctx.plugin.increment;
        var formatKey = ctx.plugin.formatKey;
        var formatSeed = ctx.plugin.formatSeed;

        // reset key for every request
        ctx.key = null;

        var b = forge.util.createBuffer();
        while (b.length() < count) {
          // if amount of data generated is greater than 1 MiB, trigger reseed
          if (ctx.generated > 0xfffff) {
            ctx.key = null;
          }

          if (ctx.key === null) {
            _reseedSync();
          }

          // generate the random bytes
          var bytes = cipher(ctx.key, ctx.seed);
          ctx.generated += bytes.length;
          b.putBytes(bytes);

          // generate bytes for a new key and seed
          ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));
          ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));
        }

        return b.getBytes(count);
      };

      /*
       * Private function that asynchronously reseeds a generator.
       *
       * @param callback(err) called once the operation completes.
       */
      function _reseed(callback) {
        if (ctx.pools[0].messageLength >= 32) {
          _seed();
          return callback();
        }
        // not enough seed data...
        var needed = (32 - ctx.pools[0].messageLength) << 5;
        ctx.seedFile(needed, function (err, bytes) {
          if (err) {
            return callback(err);
          }
          ctx.collect(bytes);
          _seed();
          callback();
        });
      }

      /*
       * Private function that synchronously reseeds a generator.
       */
      function _reseedSync() {
        if (ctx.pools[0].messageLength >= 32) {
          return _seed();
        }
        // not enough seed data...
        var needed = (32 - ctx.pools[0].messageLength) << 5;
        ctx.collect(ctx.seedFileSync(needed));
        _seed();
      }

      /*
       * Private function that seeds a generator once enough bytes are available.
       */
      function _seed() {
        // create a plugin-based message digest
        var md = ctx.plugin.md.create();

        // digest pool 0's entropy and restart it
        md.update(ctx.pools[0].digest());
        ctx.pools[0].start();

        // digest the entropy of other pools whose index k meet the
        // condition '2^k mod n == 0' where n is the number of reseeds
        var k = 1;
        for (var i = 1; i < 32; ++i) {
          // prevent signed numbers from being used
          k = (k === 31) ? 0x80000000 : (k << 2);
          if (k % ctx.reseeds === 0) {
            md.update(ctx.pools[i].digest());
            ctx.pools[i].start();
          }
        }

        // get digest for key bytes and iterate again for seed bytes
        var keyBytes = md.digest();
        md.start();
        md.update(keyBytes);
        var seedBytes = md.digest().getBytes();

        // update
        ctx.key = ctx.plugin.formatKey(keyBytes);
        ctx.seed = ctx.plugin.formatSeed(seedBytes);
        ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;
        ctx.generated = 0;
      }

      /*
       * The built-in default seedFile. This seedFile is used when entropy
       * is needed immediately.
       *
       * @param needed the number of bytes that are needed.
       *
       * @return the random bytes.
       */
      function defaultSeedFile(needed) {
        // use window.crypto.getRandomValues strong source of entropy if available
        var getRandomValues = null;
        if (typeof window !== 'undefined') {
          var _crypto = window.crypto || window.msCrypto;
          if (_crypto && _crypto.getRandomValues) {
            getRandomValues = function (arr) {
              return _crypto.getRandomValues(arr);
            };
          }
        }

        var b = forge.util.createBuffer();
        if (getRandomValues) {
          while (b.length() < needed) {
            // max byte length is 65536 before QuotaExceededError is thrown
            // http://www.w3.org/TR/WebCryptoAPI/#RandomSource-method-getRandomValues
            var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4);
            var entropy = new Uint32Array(Math.floor(count));
            try {
              getRandomValues(entropy);
              for (var i = 0; i < entropy.length; ++i) {
                b.putInt32(entropy[i]);
              }
            } catch (e) {
              /* only ignore QuotaExceededError */
              if (!(typeof QuotaExceededError !== 'undefined' &&
                e instanceof QuotaExceededError)) {
                throw e;
              }
            }
          }
        }

        // be sad and add some weak random data
        if (b.length() < needed) {
          /* Draws from Park-Miller "minimal standard" 31 bit PRNG,
          implemented with David G. Carta's optimization: with 32 bit math
          and without division (Public Domain). */
          var hi, lo, next;
          var seed = Math.floor(Math.random() * 0x010000);
          while (b.length() < needed) {
            lo = 16807 * (seed & 0xFFFF);
            hi = 16807 * (seed >> 16);
            lo += (hi & 0x7FFF) << 16;
            lo += hi >> 15;
            lo = (lo & 0x7FFFFFFF) + (lo >> 31);
            seed = lo & 0xFFFFFFFF;

            // consume lower 3 bytes of seed
            for (var i = 0; i < 3; ++i) {
              // throw in more pseudo random
              next = seed >>> (i << 3);
              next ^= Math.floor(Math.random() * 0x0100);
              b.putByte(String.fromCharCode(next & 0xFF));
            }
          }
        }

        return b.getBytes(needed);
      }
      // initialize seed file APIs

      ctx.seedFile = function (needed, callback) {
        try {
          callback(null, defaultSeedFile(needed));
        } catch (e) {
          callback(e);
        }
      };
      ctx.seedFileSync = defaultSeedFile;

      /*
       * Adds entropy to a prng ctx's accumulator.
       *
       * @param bytes the bytes of entropy as a string.
       */
      ctx.collect = function (bytes) {
        // iterate over pools distributing entropy cyclically
        var count = bytes.length;
        for (var i = 0; i < count; ++i) {
          ctx.pools[ctx.pool].update(bytes.substr(i, 1), 'binary');
          ctx.pool = (ctx.pool === 31) ? 0 : ctx.pool + 1;
        }
      };

      /*
       * Collects an integer of n bits.
       *
       * @param i the integer entropy.
       * @param n the number of bits in the integer.
       */
      ctx.collectInt = function (i, n) {
        var bytes = '';
        for (var x = 0; x < n; x += 8) {
          bytes += String.fromCharCode((i >> x) & 0xFF);
        }
        ctx.collect(bytes);
      };

      return ctx;
    };

  } // end module implementation

  return initModule(forge);
})();

/*
 * An API for getting cryptographically-secure random bytes. The bytes are
 * generated using the Fortuna algorithm devised by Bruce Schneier and
 * Niels Ferguson.
 *
 * Getting strong random bytes is not yet easy to do in javascript. The only
 * truish random entropy that can be collected is from the mouse, keyboard, or
 * from timing with respect to page loads, etc. This generator makes a poor
 * attempt at providing random bytes when those sources haven't yet provided
 * enough entropy to initially seed or to reseed the PRNG.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2009-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // forge.random already defined
    if (forge.random && forge.random.getBytes) {
      return;
    }

    (function (jQuery) {

      // the default prng plugin, uses AES-128
      var prng_aes = {};
      var _prng_aes_output = new Array(4);
      var _prng_aes_buffer = forge.util.createBuffer();
      prng_aes.formatKey = function (key) {
        // convert the key into 32-bit integers
        var tmp = forge.util.createBuffer(key);
        key = new Array(4);
        key[0] = tmp.getInt32();
        key[1] = tmp.getInt32();
        key[2] = tmp.getInt32();
        key[3] = tmp.getInt32();

        // return the expanded key
        return forge.aes._expandKey(key, false);
      };
      prng_aes.formatSeed = function (seed) {
        // convert seed into 32-bit integers
        var tmp = forge.util.createBuffer(seed);
        seed = new Array(4);
        seed[0] = tmp.getInt32();
        seed[1] = tmp.getInt32();
        seed[2] = tmp.getInt32();
        seed[3] = tmp.getInt32();
        return seed;
      };
      prng_aes.cipher = function (key, seed) {
        forge.aes._updateBlock(key, seed, _prng_aes_output, false);
        _prng_aes_buffer.putInt32(_prng_aes_output[0]);
        _prng_aes_buffer.putInt32(_prng_aes_output[1]);
        _prng_aes_buffer.putInt32(_prng_aes_output[2]);
        _prng_aes_buffer.putInt32(_prng_aes_output[3]);
        return _prng_aes_buffer.getBytes();
      };
      prng_aes.increment = function (seed) {
        // FIXME: do we care about carry or signed issues?
        ++seed[3];
        return seed;
      };
      prng_aes.md = forge.md.sha1;

      /*
       * Creates a new PRNG.
       */
      function spawnPrng() {
        var ctx = forge.prng.create(prng_aes);

        /*
         * Gets random bytes. If a native secure crypto API is unavailable, this
         * method tries to make the bytes more unpredictable by drawing from data that
         * can be collected from the user of the browser, eg: mouse movement.
         *
         * If a callback is given, this method will be called asynchronously.
         *
         * @param count the number of random bytes to get.
         * @param [callback(err, bytes)] called once the operation completes.
         *
         * @return the random bytes in a string.
         */
        ctx.getBytes = function (count, callback) {
          return ctx.generate(count, callback);
        };

        /*
         * Gets random bytes asynchronously. If a native secure crypto API is
         * unavailable, this method tries to make the bytes more unpredictable by
         * drawing from data that can be collected from the user of the browser,
         * eg: mouse movement.
         *
         * @param count the number of random bytes to get.
         *
         * @return the random bytes in a string.
         */
        ctx.getBytesSync = function (count) {
          return ctx.generate(count);
        };

        return ctx;
      }

      // create default prng context
      var _ctx = spawnPrng();

      // add other sources of entropy only if window.crypto.getRandomValues is not
      // available -- otherwise this source will be automatically used by the prng
      var _nodejs = (
        typeof process !== 'undefined' && process.versions && process.versions.node);
      var getRandomValues = null;
      if (typeof window !== 'undefined') {
        var _crypto = window.crypto || window.msCrypto;
        if (_crypto && _crypto.getRandomValues) {
          getRandomValues = function (arr) {
            return _crypto.getRandomValues(arr);
          };
        }
      }
      /* Random API */
      if (!forge.random) {
        forge.random = _ctx;
      } else {
        // extend forge.random with _ctx
        for (var key in _ctx) {
          forge.random[key] = _ctx[key];
        }
      }

      // expose spawn PRNG
      forge.random.createInstance = spawnPrng;

    })(typeof (jQuery) !== 'undefined' ? jQuery : null);

  } // end module implementation

  return initModule(forge);
})();

/*
 * PKCS#1 partial implementation.
 *
 * Implementation of "PKCS#1 v2.2: RSA-OEAP" is modified but based on the
 * following MIT and BSD licensed code:
 *
 * https://github.com/kjur/jsjws/blob/master/rsa.js:
 *
 * The 'jsjws'(JSON Web Signature JavaScript Library) License
 *
 * Copyright (c) 2012 Kenji Urushima
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * http://webrsa.cvs.sourceforge.net/viewvc/webrsa/Client/RSAES-OAEP.js?content-type=text%2Fplain:
 *
 * RSAES-OAEP.js
 * $Id: RSAES-OAEP.js,v 1.1.1.1 2003/03/19 15:37:20 ellispritchard Exp $
 * JavaScript Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)
 * Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.
 * Contact: ellis@nukinetics.com
 * Distributed under the BSD License.
 *
 * Official documentation: http://www.rsa.com/rsalabs/node.asp?id=2125
 *
 * @author Evan Jones (http://evanjones.ca/)
 * @author Dave Longley
 *
 * Copyright (c) 2013-2014 Digital Bazaar, Inc.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // shortcut for PKCS#1 API
    var pkcs1 = forge.pkcs1 = forge.pkcs1 || {};

    // shortcuts
    var asn1 = forge.asn1;
    var oids = forge.pki.oids;
    var BigInteger = forge.jsbn.BigInteger;
    var ByteBuffer = forge.util.ByteBuffer;

    /*
     * I2OSP converts a nonnegative integer (BigInteger) to an octet string
     * (ByteBuffer) of the specified length. See RFC 3447 Section 4.1.
     *
     * @param x the BigInteger to convert.
     * @param len the intended length (in bytes) to output.
     *
     * @return the ByteBuffer.
     */
    pkcs1.i2osp = function (x, len) {
      // if x is shorter than len, then prepend zero bytes
      // FIXME: hex conversion inefficient; write efficient translator
      var xhex = x.toString(16);
      var zeros = len - Math.ceil(xhex.length / 2);
      return new ByteBuffer()
        .fillWithByte(0x00, zeros)
        .putBytes(forge.util.hexToBytes(xhex));
    };

    /**
     * OS2IP converts an octet string (ByteBuffer) to a nonnegative integer
     * (BigInteger). See RFC 3447 Section 4.2.
     *
     * @param b the ByteBuffer to convert.
     *
     * @return the BigInteger.
     */
    pkcs1.os2ip = function (b) {
      // FIXME: hex conversion inefficient; write efficient translator
      return new BigInteger(b.toString('hex'), 16);
    };

    /*
     * Encodes the given message using the given key and digest using
     * RSAES-PKCS1-v1_5. This encoding is an encryption/decryption scheme
     * standardized in PKCS#1 v1.5.
     *
     * @param key the RSA key to use.
     * @param message the message, as a ByteBuffer, to encode.
     *
     * @return the encoded message as a ByteBuffer.
     */
    pkcs1.encode_rsaes = function (key, message) {
      return pkcs1.encode_eme_v1_5(key, message, 0x02);
    };

    /*
     * Decodes a message previously encoded via RSAES-PKCS1-v1_5.
     *
     * @param key the RSA key to use.
     * @param em the encoded message to decode, as a ByteBuffer.
     *
     * @return the decoded message, as a ByteBuffer.
     */
    pkcs1.decode_rsaes = function (key, em) {
      return pkcs1.decode_eme_v1_5(key, em);
    };

    /*
     * Encodes the given message using the given key and digest using
     * RSASSA-PKCS1-v1_5. This encoding is a signature scheme with appendix
     * standardized in PKCS#1 v1.5.
     *
     * @param key the RSA key to use.
     * @param message the message, as a ByteBuffer, to encode.
     *
     * @return the encoded message as a ByteBuffer.
     */
    pkcs1.encode_rsassa = function (key, message) {
      // FIXME: encode_emsa_v1_5 expects a message digest object
      var em = pkcs1.encode_emsa_v1_5(message);
      return pkcs1.encode_eme_v1_5(key, em, 0x01);
    };

    /*
     * Decodes a message previously encoded via RSASSA-PKCS1-v1_5.
     *
     * @param key the RSA key to use.
     * @param em the encoded message to decode, as a ByteBuffer.
     *
     * @return the decoded message, as a ByteBuffer.
     */
    pkcs1.decode_rsassa = function (key, em) {
      var m = pkcs1.decode_eme_v1_5(key, em);
      return pkcs1.decode_emsa_v1_5(m);
    };

    /*
     * Encodes a message digest by wrapping it in a DigestInfo object.
     *
     * This function implements EMSA-PKCS1-v1_5-ENCODE as per RFC 3447.
     *
     * DigestInfo ::= SEQUENCE {
     *   digestAlgorithm DigestAlgorithmIdentifier,
     *   digest Digest
     * }
     *
     * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
     * Digest ::= OCTET STRING
     *
     * @param md the message digest object with the hash to sign.
     *
     * @return the encoded message, as a ByteBuffer.
     */
    pkcs1.encode_emsa_v1_5 = function (md) {
      // get the oid for the algorithm
      var oid;
      if (md.algorithm in oids) {
        oid = oids[md.algorithm];
      } else {
        throw new Error('Unknown message digest algorithm: ' + md.algorithm);
      }

      // create the digest info
      var digestInfo = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
      var digestAlgorithm = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
      digestAlgorithm.value.push(asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.OID, false, oid));
      digestAlgorithm.value.push(asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null));
      var digest = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, md.digest());
      digestInfo.value.push(digestAlgorithm);
      digestInfo.value.push(digest);

      // encode digest info
      return asn1.toDer(digestInfo);
    };

    /*
     * This function decodes a message previously encoded via
     * EMSA-PKCS1-v1_5-ENCODE as per RFC 3447.
     *
     * @param em the encoded message to decode, as a ByteBuffer.
     *
     * @return the decoded message, as a ByteBuffer.
     */
    pkcs1.decode_emsa_v1_5 = function (em) {
      if (!(em instanceof ByteBuffer)) {
        throw new TypeError('em must be a ByteBuffer');
      }

      // encoded is ASN.1 DER-encoded DigestInfo
      var obj = asn1.fromDer(em);
      // TODO: validate DigestInfo

      // return message digest
      return obj.value[1].value;
    };

    /*
     * Encodes a message using EME-PKCS1-v1_5 padding.
     *
     * @param key the RSA key to use.
     * @param m the message to encode, as a ByteBuffer.
     * @param blockType the block type to use, which can be 0x00, 0x01, or 0x02;
     *          0x01 is used by RSASSA (signing) and 0x02 is used by RSAES
     *          (encryption) and by TLS "digitally-signed" data.
     *
     * @return the encoded message as a ByteBuffer.
     */
    pkcs1.encode_eme_v1_5 = function (key, m, blockType) {
      if (!(m instanceof ByteBuffer)) {
        throw new TypeError('m must be a ByteBuffer');
      }

      // TODO: use buffers throughout
      m = m.bytes();

      if (blockType !== 0x00 && blockType !== 0x01 && blockType !== 0x02) {
        throw new Error('blockType must be 0, 1, or 2.');
      }

      var eb = new ByteBuffer();

      // get the length of the modulus in bytes
      var k = Math.ceil(key.n.bitLength() / 8);

      // EME-PKCS1-v1_5 padding needs at least 11 bytes of overhead
      if (m.length > (k - 11)) {
        var error = new Error('Message is too long for EME-PKCS1-v1_5 padding.');
        error.length = m.length;
        error.max = k - 11;
        throw error;
      }

      /* A block type BT, a padding string PS, and the data D shall be
        formatted into an octet string EB, the encryption block:
    
        EB = 00 || BT || PS || 00 || D
    
        The block type BT shall be a single octet indicating the structure of
        the encryption block. For this version of the document it shall have
        value 00, 01, or 02.
    
        The padding string PS shall consist of k-3-||D|| octets. For block
        type 00, the octets shall have value 00; for block type 01, they
        shall have value FF; and for block type 02, they shall be
        pseudorandomly generated and nonzero. This makes the length of the
        encryption block EB equal to k.
    
        Notes:
    
        1. The leading 00 octet ensures that the encryption block, converted to
        an integer, is less than the modulus.
    
        2. For block type 00, the data D must begin with a nonzero octet or
        have known length so that the encryption block can be parsed unambiguously.
        For block types 01 and 02, the encryption block can be parsed unambiguously
        since the padding string PS contains no octets with value 00 and the
        padding string is separated from the data D by an octet with value 00.
    
        3. Block type 01 is recommended for private-key operations. Block type 01
        has the property that the encryption block, converted to an integer, is
        guaranteed to be large, which prevents certain attacks of the kind proposed
        by Desmedt and Odlyzko.
    
        4. Block types 01 and 02 are compatible with PEM RSA encryption of
        content-encryption keys and message digests as described in RFC 1423. */

      // build the encryption block
      eb.putByte(0x00);
      eb.putByte(blockType);

      // create the padding
      var padNum = k - 3 - m.length;
      var padByte;
      // private key op
      if (blockType === 0x00 || blockType === 0x01) {
        padByte = (blockType === 0x00 ? 0x00 : 0xFF);
        for (var i = 0; i < padNum; ++i) {
          eb.putByte(padByte);
        }
      } else {
        // public key op (or TLS "digitally-signed" signature)
        // pad with random non-zero values
        while (padNum > 0) {
          var numZeros = 0;
          var padBytes = forge.random.getBytes(padNum);
          for (var i = 0; i < padNum; ++i) {
            padByte = padBytes.charCodeAt(i);
            if (padByte === 0) {
              ++numZeros;
            } else {
              eb.putByte(padByte);
            }
          }
          padNum = numZeros;
        }
      }

      // zero followed by message
      eb.putByte(0x00);
      eb.putBytes(m);

      return eb;
    };

    /*
     * Decodes a message that was encoded using EME-PKCS1-v1_5 padding.
     *
     * @param key the RSA key to use.
     * @param em the message to decode, as a ByteBuffer.
     * @param ml the message length, if specified (required if block type 0x00
     *          encoding was used).
     *
     * @return the decoded bytes in a ByteBuffer.
     */
    pkcs1.decode_eme_v1_5 = function (key, em, ml) {
      // get the length of the modulus in bytes
      var k = Math.ceil(key.n.bitLength() / 8);

      /* It is an error if any of the following conditions occurs:
    
        1. The encryption block EB cannot be parsed unambiguously.
        2. The padding string PS consists of fewer than eight octets
          or is inconsisent with the block type BT.
        3. The decryption process is a public-key operation and the block
          type BT is not 00 or 01, or the decryption process is a
          private-key operation and the block type is not 02.
       */

      // parse the encryption block
      // TODO: shouldn't need to copy here, consumer must copy if necessary
      var eb = em.copy();
      var first = eb.getByte();
      var bt = eb.getByte();
      if (first !== 0x00 || !(bt >= 0x00 && bt <= 0x02) ||
        (bt === 0x00 && typeof (ml) === 'undefined')) {
        throw new Error('Encryption block is invalid.');
      }

      var padNum = 0;
      if (bt === 0x00) {
        // check all padding bytes for 0x00
        padNum = k - 3 - ml;
        for (var i = 0; i < padNum; ++i) {
          if (eb.getByte() !== 0x00) {
            throw new Error('Encryption block is invalid.');
          }
        }
      } else if (bt === 0x01) {
        // find the first byte that isn't 0xFF, should be after all padding
        padNum = 0;
        while (eb.length() > 1) {
          if (eb.getByte() !== 0xFF) {
            --eb.read;
            break;
          }
          ++padNum;
        }
      } else if (bt === 0x02) {
        // look for 0x00 byte
        padNum = 0;
        while (eb.length() > 1) {
          if (eb.getByte() === 0x00) {
            --eb.read;
            break;
          }
          ++padNum;
        }
      }

      // zero must be 0x00 and padNum must be (k - 3 - message length)
      var zero = eb.getByte();
      if (zero !== 0x00 || padNum !== (k - 3 - eb.length())) {
        throw new Error('Encryption block is invalid.');
      }

      // FIXME: get ByteBuffer.slice?
      return new ByteBuffer().putBuffer(eb);
    };

    /*
     * Encodes the given message (M) using the given key, optional label (L), and
     * seed using RSAES-OAEP.
     *
     * This method does not perform RSA encryption, it only encodes the message
     * using RSAES-OAEP.
     *
     * @param key the RSA key to use.
     * @param message the message to encode.
     * @param options the options to use:
     *          label an optional label to use.
     *          seed the seed to use.
     *          md the message digest object to use, undefined for SHA-1.
     *          mgf1 optional mgf1 parameters:
     *            md the message digest object to use for MGF1.
     *
     * @return the encoded message bytes as a ByteBuffer.
     */
    pkcs1.encode_rsa_oaep = function (key, message, options) {
      if (!(message instanceof ByteBuffer)) {
        throw new TypeError('message must be a ByteBuffer');
      }

      // TODO: use buffers throughout
      message = message.bytes();

      // parse arguments
      var label;
      var seed;
      var md;
      var mgf1Md;
      // legacy args (label, seed, md)
      if (typeof options === 'string') {
        label = options;
        seed = arguments[3] || undefined;
        md = arguments[4] || undefined;
      } else if (options) {
        label = options.label || undefined;
        seed = options.seed || undefined;
        md = options.md || undefined;
        if (options.mgf1 && options.mgf1.md) {
          mgf1Md = options.mgf1.md;
        }
      }

      // default OAEP to SHA-1 message digest
      if (!md) {
        md = forge.md.sha1.create();
      } else {
        md.start();
      }

      // default MGF-1 to same as OAEP
      if (!mgf1Md) {
        mgf1Md = md;
      }

      // compute length in bytes and check output
      var keyLength = Math.ceil(key.n.bitLength() / 8);
      var maxLength = keyLength - 2 * md.digestLength - 2;
      if (message.length > maxLength) {
        var error = new Error(
          'RSAES-OAEP input message length is too long; message length=' +
          message.length + ', max length=' + maxLength);
        error.length = message.length;
        error.maxLength = maxLength;
        throw error;
      }

      if (!label) {
        label = '';
      }
      md.update(label, 'binary');
      var lHash = md.digest();

      var PS = '';
      var PS_length = maxLength - message.length;
      for (var i = 0; i < PS_length; i++) {
        PS += '\x00';
      }

      var DB = lHash.getBytes() + PS + '\x01' + message;

      if (!seed) {
        // TODO: return ByteBuffer from forge.random
        seed = new ByteBuffer(forge.random.getBytes(md.digestLength), 'binary');
      } else if (seed.length() !== md.digestLength) {
        var error = new Error(
          'Invalid RSAES-OAEP seed. The seed length must match the digest ' +
          'length; seed length=' + seed.length() +
          ', digest length=' + md.digestLength);
        error.seedLength = seed.length();
        error.digestLength = md.digestLength;
        throw error;
      }

      // TODO: use buffer
      seed = seed.bytes();

      var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);
      var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length);

      var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);
      var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length);

      // return encoded message
      return new ByteBuffer('\x00' + maskedSeed + maskedDB, 'binary');
    };

    /*
     * Decodes the given RSAES-OAEP encoded message (EM) using the given key
     * and optional label (L).
     *
     * This method does not perform RSA decryption, it only decodes the message
     * using RSAES-OAEP.
     *
     * @param key the RSA key to use.
     * @param em the encoded message to decode.
     * @param options the options to use:
     *          label an optional label to use.
     *          md the message digest object to use for OAEP, undefined for SHA-1.
     *          mgf1 optional mgf1 parameters:
     *            md the message digest object to use for MGF1.
     *
     * @return the decoded message bytes as a ByteBuffer.
     */
    pkcs1.decode_rsa_oaep = function (key, em, options) {
      if (!(em instanceof ByteBuffer)) {
        throw new TypeError('em must be a ByteBuffer');
      }

      // TODO: use buffers throughout
      em = em.bytes();

      // parse args
      var label;
      var md;
      var mgf1Md;
      // legacy args
      if (typeof options === 'string') {
        label = options;
        md = arguments[3] || undefined;
      } else if (options) {
        label = options.label || undefined;
        md = options.md || undefined;
        if (options.mgf1 && options.mgf1.md) {
          mgf1Md = options.mgf1.md;
        }
      }

      // compute length in bytes
      var keyLength = Math.ceil(key.n.bitLength() / 8);

      if (em.length !== keyLength) {
        var error = new Error('RSAES-OAEP encoded message length is invalid.');
        error.length = em.length;
        error.expectedLength = keyLength;
        throw error;
      }

      // default OAEP to SHA-1 message digest
      if (md === undefined) {
        md = forge.md.sha1.create();
      } else {
        md.start();
      }

      // default MGF-1 to same as OAEP
      if (!mgf1Md) {
        mgf1Md = md;
      }

      if (keyLength < 2 * md.digestLength + 2) {
        throw new Error('RSAES-OAEP key is too short for the hash function.');
      }

      if (!label) {
        label = '';
      }
      md.update(label, 'binary');
      var lHash = md.digest().getBytes();

      // split the message into its parts
      var y = em.charAt(0);
      var maskedSeed = em.substring(1, md.digestLength + 1);
      var maskedDB = em.substring(1 + md.digestLength);

      var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);
      var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length);

      var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);
      var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length);

      var lHashPrime = db.substring(0, md.digestLength);

      // constant time check that all values match what is expected
      var error = (y !== '\x00');

      // constant time check lHash vs lHashPrime
      for (var i = 0; i < md.digestLength; ++i) {
        error |= (lHash.charAt(i) !== lHashPrime.charAt(i));
      }

      // "constant time" find the 0x1 byte separating the padding (zeros) from the
      // message
      // TODO: It must be possible to do this in a better/smarter way?
      var in_ps = 1;
      var index = md.digestLength;
      for (var j = md.digestLength; j < db.length; j++) {
        var code = db.charCodeAt(j);

        var is_0 = (code & 0x1) ^ 0x1;

        // non-zero if not 0 or 1 in the ps section
        var error_mask = in_ps ? 0xfffe : 0x0000;
        error |= (code & error_mask);

        // latch in_ps to zero after we find 0x1
        in_ps = in_ps & is_0;
        index += in_ps;
      }

      if (error || db.charCodeAt(index) !== 0x1) {
        throw new Error('Invalid RSAES-OAEP padding.');
      }

      return new ByteBuffer(db.substring(index + 1), 'binary');
    };

    function rsa_mgf1(seed, maskLength, hash) {
      // default to SHA-1 message digest
      if (!hash) {
        hash = forge.md.sha1.create();
      }
      var t = '';
      var count = Math.ceil(maskLength / hash.digestLength);
      for (var i = 0; i < count; ++i) {
        var c = String.fromCharCode(
          (i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF);
        hash.start();
        hash.update(seed + c, 'binary');
        t += hash.digest().getBytes();
      }
      return t.substring(0, maskLength);
    }

  } // end module implementation

  return initModule(forge);
})();

/*
 * Javascript implementation of PKCS#7 v1.5. Currently only certain parts of
 * PKCS#7 are implemented, especially the enveloped-data content type.
 *
 * @author Stefan Siegl
 * @author Dave Longley
 *
 * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
 * Copyright (c) 2012-2015 Digital Bazaar, Inc.
 *
 * Currently this implementation only supports ContentType of either
 * EnvelopedData or EncryptedData on root level.  The top level elements may
 * contain only a ContentInfo of ContentType Data, i.e. plain data.  Further
 * nesting is not (yet) supported.
 *
 * The Forge validators for PKCS #7's ASN.1 structures are available from
 * a seperate file pkcs7asn1.js, since those are referenced from other
 * PKCS standards like PKCS #12.
 */
(function () {
  /* ########## Begin module implementation ########## */
  function initModule(forge) {

    // shortcut for ASN.1 API
    var asn1 = forge.asn1;

    // shortcut for PKCS#7 API
    var p7 = forge.pkcs7 = forge.pkcs7 || {};

    var ByteBuffer = forge.util.ByteBuffer;

    p7.messageToPem = function (msg) {
      // convert to ASN.1, then DER, then PEM-encode
      var pemObj = {
        type: 'PKCS7',
        body: asn1.toDer(msg.toAsn1())
      };
      return forge.pem.encode(pemObj);
    };

    /*
     * Converts a single RecipientInfo from an ASN.1 object.
     *
     * @param obj The ASN.1 representation of a RecipientInfo.
     *
     * @return The recipientInfo object.
     */
    var _recipientInfoFromAsn1 = function (obj) {
      // Validate EnvelopedData content block and capture data.
      var capture = {};
      var errors = [];
      if (!asn1.validate(obj, p7.asn1.recipientInfoValidator, capture, errors)) {
        var error = new Error('Cannot read PKCS#7 message. ' +
          'ASN.1 object is not an PKCS#7 EnvelopedData.');
        error.errors = errors;
        throw error;
      }

      // ensure encryption parameters are copied
      var param = capture.encParameter.value;
      if (param instanceof ByteBuffer) {
        param = param.copy();
      }
      return {
        version: capture.version,
        issuer: forge.pki.RDNAttributesAsArray(capture.issuer),
        serialNumber: capture.serial,
        encryptedContent: {
          algorithm: capture.encAlgorithm,
          parameter: param,
          content: capture.encKey
        }
      };
    };

    /*
     * Converts a single recipientInfo object to an ASN.1 object.
     *
     * @param obj The recipientInfo object.
     *
     * @return The ASN.1 representation of a RecipientInfo.
     */
    var _recipientInfoToAsn1 = function (obj) {
      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
        // Version
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, obj.version),
        // IssuerAndSerialNumber
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // Name
          forge.pki.distinguishedNameToAsn1({ attributes: obj.issuer }),
          // Serial
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
            new ByteBuffer(obj.serialNumber, 'hex'))
        ]),
        // KeyEncryptionAlgorithmIdentifier
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // Algorithm
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
            obj.encryptedContent.algorithm),
          // Parameter, force NULL, only RSA supported for now.
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, null)
        ]),
        // EncryptedKey
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
          new ByteBuffer(obj.encryptedContent.content, 'binary'))
      ]);
    };

    /*
     * Map a set of RecipientInfo ASN.1 objects to recipientInfo objects.
     *
     * @param objArr Array of ASN.1 representations RecipientInfo (i.e. SET OF).
     *
     * @return array of recipientInfo objects.
     */
    var _recipientInfosFromAsn1 = function (objArr) {
      var ret = [];
      for (var i = 0; i < objArr.length; i++) {
        ret.push(_recipientInfoFromAsn1(objArr[i]));
      }
      return ret;
    };

    /*
     * Map an array of recipientInfo objects to ASN.1 objects.
     *
     * @param recipientsArr Array of recipientInfo objects.
     *
     * @return Array of ASN.1 representations RecipientInfo.
     */
    var _recipientInfosToAsn1 = function (recipientsArr) {
      var ret = [];
      for (var i = 0; i < recipientsArr.length; i++) {
        ret.push(_recipientInfoToAsn1(recipientsArr[i]));
      }
      return ret;
    };

    /*
     * Map messages encrypted content to ASN.1 objects.
     *
     * @param ec The encryptedContent object of the message.
     *
     * @return ASN.1 representation of the encryptedContent object (SEQUENCE).
     */
    var _encryptedContentToAsn1 = function (ec) {
      return [
        // ContentType, always Data for the moment
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
          forge.pki.oids.data),
        // ContentEncryptionAlgorithmIdentifier
        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
          // Algorithm
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, ec.algorithm),
          // Parameters (IV)
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
            ec.parameter)
        ]),
        // [0] EncryptedContent
        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
            ec.content)
        ])
      ];
    };

    /*
     * Reads the "common part" of an PKCS#7 content block (in ASN.1 format)
     *
     * This function reads the "common part" of the PKCS#7 content blocks
     * EncryptedData and EnvelopedData, i.e. version number and symmetrically
     * encrypted content block.
     *
     * The result of the ASN.1 validate and capture process is returned
     * to allow the caller to extract further data, e.g. the list of recipients
     * in case of a EnvelopedData object.
     *
     * @param msg the PKCS#7 object to read the data to.
     * @param obj the ASN.1 representation of the content block.
     * @param validator the ASN.1 structure validator object to use.
     *
     * @return the value map captured by validator object.
     */
    var _fromAsn1 = function (msg, obj, validator) {
      var capture = {};
      var errors = [];
      if (!asn1.validate(obj, validator, capture, errors)) {
        var error = new Error('Cannot read PKCS#7 message. ' +
          'ASN.1 object is not a supported PKCS#7 message.');
        error.errors = error;
        throw error;
      }

      // Check contentType, so far we only support (raw) Data.
      if (capture.contentType !== forge.pki.oids.data) {
        throw new Error('Unsupported PKCS#7 message. ' +
          'Only wrapped ContentType Data supported.');
      }

      if (capture.encryptedContent) {
        var content = [];
        if (forge.util.isArray(capture.encryptedContent)) {
          for (var i = 0; i < capture.encryptedContent.length; ++i) {
            if (capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {
              throw new Error('Malformed PKCS#7 message, expecting encrypted ' +
                'content constructed of only OCTET STRING objects.');
            }
            content.push(capture.encryptedContent[i].value);
          }
        } else {
          content.push(capture.encryptedContent);
        }
        // ensure encryption parameters are copied
        var param = capture.encParameter.value;
        if (param instanceof ByteBuffer) {
          param = param.copy();
        }
        msg.encryptedContent = {
          algorithm: capture.encAlgorithm,
          parameter: param,
          content: ByteBuffer.concat(content)
        };
      }

      if (capture.content) {
        var content = [];
        if (forge.util.isArray(capture.content)) {
          for (var i = 0; i < capture.content.length; ++i) {
            if (capture.content[i].type !== asn1.Type.OCTETSTRING) {
              throw new Error('Malformed PKCS#7 message, expecting ' +
                'content constructed of only OCTET STRING objects.');
            }
            content.push(capture.content[i].value);
          }
        } else {
          content.push(capture.content);
        }
        msg.content = ByteBuffer.concat(content);
      }

      msg.version = capture.version;
      msg.rawCapture = capture;

      return capture;
    };

    /*
     * Creates an empty PKCS#7 message of type EnvelopedData.
     *
     * @return the message.
     */
    p7.createEnvelopedData = function () {
      var msg = null;
      msg = {
        type: forge.pki.oids.envelopedData,
        version: 0,
        recipients: [],
        encryptedContent: {
          algorithm: forge.pki.oids['des-EDE3-CBC']
        },

        /**
         * Reads an EnvelopedData content block (in ASN.1 format)
         *
         * @param obj the ASN.1 representation of the EnvelopedData content block.
         */
        fromAsn1: function (obj) {
          // validate EnvelopedData content block and capture data
          var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);
          msg.recipients = _recipientInfosFromAsn1(capture.recipientInfos.value);
        },

        toAsn1: function () {
          // ContentInfo
          return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
            // ContentType
            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, msg.type),
            // [0] EnvelopedData
            asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
                // Version
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
                  msg.version),
                // RecipientInfos
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,
                  _recipientInfosToAsn1(msg.recipients)),
                // EncryptedContentInfo
                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,
                  _encryptedContentToAsn1(msg.encryptedContent))
              ])
            ])
          ]);
        },

        /*
         * Find recipient by X.509 certificate's issuer.
         *
         * @param cert the certificate with the issuer to look for.
         *
         * @return the recipient object.
         */
        findRecipient: function (cert) {
          var sAttr = cert.issuer.attributes;

          for (var i = 0; i < msg.recipients.length; ++i) {
            var r = msg.recipients[i];
            var rAttr = r.issuer;

            if (r.serialNumber !== cert.serialNumber) {
              continue;
            }

            if (rAttr.length !== sAttr.length) {
              continue;
            }

            var match = true;
            for (var j = 0; j < sAttr.length; ++j) {
              if (rAttr[j].type !== sAttr[j].type ||
                rAttr[j].value !== sAttr[j].value) {
                match = false;
                break;
              }
            }

            if (match) {
              return r;
            }
          }

          return null;
        },

        /*
         * Add (another) entity to list of recipients.
         *
         * @param cert The certificate of the entity to add.
         */
        addRecipient: function (cert) {
          msg.recipients.push({
            version: 0,
            issuer: cert.issuer.attributes,
            serialNumber: cert.serialNumber,
            encryptedContent: {
              // We simply assume rsaEncryption here, since forge.pki only
              // supports RSA so far.  If the PKI module supports other
              // ciphers one day, we need to modify this one as well.
              algorithm: forge.pki.oids.rsaEncryption,
              key: cert.publicKey
            }
          });
        },

        /*
         * Encrypt enveloped content.
         *
         * This function supports two optional arguments, cipher and key, which
         * can be used to influence symmetric encryption.  Unless cipher is
         * provided, the cipher specified in encryptedContent.algorithm is used
         * (defaults to AES-256-CBC).  If no key is provided, encryptedContent.key
         * is (re-)used.  If that one's not set, a random key will be generated
         * automatically.
         *
         * @param [key] The key to be used for symmetric encryption.
         * @param [algOid] The OID of the symmetric cipher to use.
         */
        encrypt: function (key, algOid) {
          // Part 1: Symmetric encryption
          if (msg.encryptedContent.content === undefined) {
            algOid = algOid || msg.encryptedContent.algorithm;
            key = key || msg.encryptedContent.key;

            var keyLen, ivLen, algorithm;
            switch (algOid) {
              case forge.pki.oids['aes128-CBC']:
                keyLen = 16;
                ivLen = 16;
                algorithm = 'AES-CBC';
                break;

              case forge.pki.oids['aes192-CBC']:
                keyLen = 24;
                ivLen = 16;
                algorithm = 'AES-CBC';
                break;

              case forge.pki.oids['aes256-CBC']:
                keyLen = 32;
                ivLen = 16;
                algorithm = 'AES-CBC';
                break;

              case forge.pki.oids['des-EDE3-CBC']:
                keyLen = 24;
                ivLen = 8;
                algorithm = '3DES-CBC';
                break;

              default:
                throw new Error(
                  'Unsupported symmetric cipher algorithm, OID ' + algOid);
            }

            if (key === undefined) {
              key = new ByteBuffer(forge.random.getBytes(keyLen));
            } else if (key.length() != keyLen) {
              throw new Error('Symmetric key has wrong length; ' +
                'got ' + key.length() + ' bytes, expected ' + keyLen + '.');
            }

            // Keep a copy of the key & IV in the object, so the caller can
            // use it for whatever reason.
            msg.encryptedContent.algorithm = algOid;
            msg.encryptedContent.key = key;
            msg.encryptedContent.parameter = new ByteBuffer(
              forge.random.getBytes(ivLen));

            var cipher = forge.cipher.createCipher(algorithm, key);
            cipher.start({ iv: msg.encryptedContent.parameter });
            cipher.update(msg.content);

            // The finish function does PKCS#7 padding by default, therefore
            // no action required by us.
            if (!cipher.finish()) {
              throw new Error('Symmetric encryption failed.');
            }

            msg.encryptedContent.content = cipher.output;
          }

          // Part 2: asymmetric encryption for each recipient
          for (var i = 0; i < msg.recipients.length; i++) {
            var recipient = msg.recipients[i];

            // Nothing to do, encryption already done.
            if (recipient.encryptedContent.content !== undefined) {
              continue;
            }

            switch (recipient.encryptedContent.algorithm) {
              case forge.pki.oids.rsaEncryption:
                recipient.encryptedContent.content =
                  recipient.encryptedContent.key.encrypt(
                    msg.encryptedContent.key.copy(), 'RSAES-PKCS1-V1_5');
                break;

              default:
                throw new Error('Unsupported asymmetric cipher, OID ' +
                  recipient.encryptedContent.algorithm);
            }
          }
        }
      };
      return msg;
    };

  } // end module implementation

  return initModule(forge);
})();

var _waitToExec_timeOut;
function waitToExec(condition, callback) {
  if (condition()) {
    callback();
    clearTimeout(_waitToExec_timeOut);
  } else {
    _waitToExec_timeOut = setTimeout("waitToExec(" + condition + ", " + callback + "); ", 1000);
  }
}



/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
/**
 * CryptoJS core components.
 */
var CryptoJS = CryptoJS || (function (Math, undefined) {
  /**
   * CryptoJS namespace.
   */
  var C = {};

  /**
   * Library namespace.
   */
  var C_lib = C.lib = {};

  /**
   * Base object for prototypal inheritance.
   */
  var Base = C_lib.Base = (function () {
    function F() { }

    return {
      /**
       * Creates a new object that inherits from this object.
       *
       * @param {Object} overrides Properties to copy into the new object.
       *
       * @return {Object} The new object.
       *
       * @static
       *
       * @example
       *
       *     var MyType = CryptoJS.lib.Base.extend({
       *         field: 'value',
       *
       *         method: function () {
       *         }
       *     });
       */
      extend: function (overrides) {
        // Spawn
        F.prototype = this;
        var subtype = new F();

        // Augment
        if (overrides) {
          subtype.mixIn(overrides);
        }

        // Create default initializer
        if (!subtype.hasOwnProperty('init')) {
          subtype.init = function () {
            subtype.$super.init.apply(this, arguments);
          };
        }

        // Initializer's prototype is the subtype object
        subtype.init.prototype = subtype;

        // Reference supertype
        subtype.$super = this;

        return subtype;
      },

      /**
       * Extends this object and runs the init method.
       * Arguments to create() will be passed to init().
       *
       * @return {Object} The new object.
       *
       * @static
       *
       * @example
       *
       *     var instance = MyType.create();
       */
      create: function () {
        var instance = this.extend();
        instance.init.apply(instance, arguments);

        return instance;
      },

      /**
       * Initializes a newly created object.
       * Override this method to add some logic when your objects are created.
       *
       * @example
       *
       *     var MyType = CryptoJS.lib.Base.extend({
       *         init: function () {
       *             // ...
       *         }
       *     });
       */
      init: function () {
      },

      /**
       * Copies properties into this object.
       *
       * @param {Object} properties The properties to mix in.
       *
       * @example
       *
       *     MyType.mixIn({
       *         field: 'value'
       *     });
       */
      mixIn: function (properties) {
        for (var propertyName in properties) {
          if (properties.hasOwnProperty(propertyName)) {
            this[propertyName] = properties[propertyName];
          }
        }

        // IE won't copy toString using the loop above
        if (properties.hasOwnProperty('toString')) {
          this.toString = properties.toString;
        }
      },

      /**
       * Creates a copy of this object.
       *
       * @return {Object} The clone.
       *
       * @example
       *
       *     var clone = instance.clone();
       */
      clone: function () {
        return this.init.prototype.extend(this);
      }
    };
  }());

  /**
   * An array of 32-bit words.
   *
   * @property {Array} words The array of 32-bit words.
   * @property {number} sigBytes The number of significant bytes in this word array.
   */
  var WordArray = C_lib.WordArray = Base.extend({
    /**
     * Initializes a newly created word array.
     *
     * @param {Array} words (Optional) An array of 32-bit words.
     * @param {number} sigBytes (Optional) The number of significant bytes in the words.
     *
     * @example
     *
     *     var wordArray = CryptoJS.lib.WordArray.create();
     *     var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
     *     var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
     */
    init: function (words, sigBytes) {
      words = this.words = words || [];

      if (sigBytes != undefined) {
        this.sigBytes = sigBytes;
      } else {
        this.sigBytes = words.length * 4;
      }
    },

    /**
     * Converts this word array to a string.
     *
     * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
     *
     * @return {string} The stringified word array.
     *
     * @example
     *
     *     var string = wordArray + '';
     *     var string = wordArray.toString();
     *     var string = wordArray.toString(CryptoJS.enc.Utf8);
     */
    toString: function (encoder) {
      return (encoder || Hex).stringify(this);
    },

    /**
     * Concatenates a word array to this word array.
     *
     * @param {WordArray} wordArray The word array to append.
     *
     * @return {WordArray} This word array.
     *
     * @example
     *
     *     wordArray1.concat(wordArray2);
     */
    concat: function (wordArray) {
      // Shortcuts
      var thisWords = this.words;
      var thatWords = wordArray.words;
      var thisSigBytes = this.sigBytes;
      var thatSigBytes = wordArray.sigBytes;

      // Clamp excess bits
      this.clamp();

      // Concat
      if (thisSigBytes % 4) {
        // Copy one byte at a time
        for (var i = 0; i < thatSigBytes; i++) {
          var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
          thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
        }
      } else if (thatWords.length > 0xffff) {
        // Copy one word at a time
        for (var i = 0; i < thatSigBytes; i += 4) {
          thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
        }
      } else {
        // Copy all words at once
        thisWords.push.apply(thisWords, thatWords);
      }
      this.sigBytes += thatSigBytes;

      // Chainable
      return this;
    },

    /**
     * Removes insignificant bits.
     *
     * @example
     *
     *     wordArray.clamp();
     */
    clamp: function () {
      // Shortcuts
      var words = this.words;
      var sigBytes = this.sigBytes;

      // Clamp
      words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
      words.length = Math.ceil(sigBytes / 4);
    },

    /**
     * Creates a copy of this word array.
     *
     * @return {WordArray} The clone.
     *
     * @example
     *
     *     var clone = wordArray.clone();
     */
    clone: function () {
      var clone = Base.clone.call(this);
      clone.words = this.words.slice(0);

      return clone;
    },

    /**
     * Creates a word array filled with random bytes.
     *
     * @param {number} nBytes The number of random bytes to generate.
     *
     * @return {WordArray} The random word array.
     *
     * @static
     *
     * @example
     *
     *     var wordArray = CryptoJS.lib.WordArray.random(16);
     */
    random: function (nBytes) {
      var words = [];
      for (var i = 0; i < nBytes; i += 4) {
        words.push((Math.random() * 0x100000000) | 0);
      }

      return new WordArray.init(words, nBytes);
    }
  });

  /**
   * Encoder namespace.
   */
  var C_enc = C.enc = {};

  /**
   * Hex encoding strategy.
   */
  var Hex = C_enc.Hex = {
    /**
     * Converts a word array to a hex string.
     *
     * @param {WordArray} wordArray The word array.
     *
     * @return {string} The hex string.
     *
     * @static
     *
     * @example
     *
     *     var hexString = CryptoJS.enc.Hex.stringify(wordArray);
     */
    stringify: function (wordArray) {
      // Shortcuts
      var words = wordArray.words;
      var sigBytes = wordArray.sigBytes;

      // Convert
      var hexChars = [];
      for (var i = 0; i < sigBytes; i++) {
        var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
        hexChars.push((bite >>> 4).toString(16));
        hexChars.push((bite & 0x0f).toString(16));
      }

      return hexChars.join('');
    },

    /**
     * Converts a hex string to a word array.
     *
     * @param {string} hexStr The hex string.
     *
     * @return {WordArray} The word array.
     *
     * @static
     *
     * @example
     *
     *     var wordArray = CryptoJS.enc.Hex.parse(hexString);
     */
    parse: function (hexStr) {
      // Shortcut
      var hexStrLength = hexStr.length;

      // Convert
      var words = [];
      for (var i = 0; i < hexStrLength; i += 2) {
        words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
      }

      return new WordArray.init(words, hexStrLength / 2);
    }
  };

  /**
   * Latin1 encoding strategy.
   */
  var Latin1 = C_enc.Latin1 = {
    /**
     * Converts a word array to a Latin1 string.
     *
     * @param {WordArray} wordArray The word array.
     *
     * @return {string} The Latin1 string.
     *
     * @static
     *
     * @example
     *
     *     var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
     */
    stringify: function (wordArray) {
      // Shortcuts
      var words = wordArray.words;
      var sigBytes = wordArray.sigBytes;

      // Convert
      var latin1Chars = [];
      for (var i = 0; i < sigBytes; i++) {
        var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
        latin1Chars.push(String.fromCharCode(bite));
      }

      return latin1Chars.join('');
    },

    /**
     * Converts a Latin1 string to a word array.
     *
     * @param {string} latin1Str The Latin1 string.
     *
     * @return {WordArray} The word array.
     *
     * @static
     *
     * @example
     *
     *     var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
     */
    parse: function (latin1Str) {
      // Shortcut
      var latin1StrLength = latin1Str.length;

      // Convert
      var words = [];
      for (var i = 0; i < latin1StrLength; i++) {
        words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
      }

      return new WordArray.init(words, latin1StrLength);
    }
  };

  /**
   * UTF-8 encoding strategy.
   */
  var Utf8 = C_enc.Utf8 = {
    /**
     * Converts a word array to a UTF-8 string.
     *
     * @param {WordArray} wordArray The word array.
     *
     * @return {string} The UTF-8 string.
     *
     * @static
     *
     * @example
     *
     *     var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
     */
    stringify: function (wordArray) {
      try {
        return decodeURIComponent(escape(Latin1.stringify(wordArray)));
      } catch (e) {
        throw new Error('Malformed UTF-8 data');
      }
    },

    /**
     * Converts a UTF-8 string to a word array.
     *
     * @param {string} utf8Str The UTF-8 string.
     *
     * @return {WordArray} The word array.
     *
     * @static
     *
     * @example
     *
     *     var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
     */
    parse: function (utf8Str) {
      return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
    }
  };

  /**
   * Abstract buffered block algorithm template.
   *
   * The property blockSize must be implemented in a concrete subtype.
   *
   * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
   */
  var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
    /**
     * Resets this block algorithm's data buffer to its initial state.
     *
     * @example
     *
     *     bufferedBlockAlgorithm.reset();
     */
    reset: function () {
      // Initial values
      this._data = new WordArray.init();
      this._nDataBytes = 0;
    },

    /**
     * Adds new data to this block algorithm's buffer.
     *
     * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
     *
     * @example
     *
     *     bufferedBlockAlgorithm._append('data');
     *     bufferedBlockAlgorithm._append(wordArray);
     */
    _append: function (data) {
      // Convert string to WordArray, else assume WordArray already
      if (typeof data == 'string') {
        data = Utf8.parse(data);
      }

      // Append
      this._data.concat(data);
      this._nDataBytes += data.sigBytes;
    },

    /**
     * Processes available data blocks.
     *
     * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
     *
     * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
     *
     * @return {WordArray} The processed data.
     *
     * @example
     *
     *     var processedData = bufferedBlockAlgorithm._process();
     *     var processedData = bufferedBlockAlgorithm._process(!!'flush');
     */
    _process: function (doFlush) {
      // Shortcuts
      var data = this._data;
      var dataWords = data.words;
      var dataSigBytes = data.sigBytes;
      var blockSize = this.blockSize;
      var blockSizeBytes = blockSize * 4;

      // Count blocks ready
      var nBlocksReady = dataSigBytes / blockSizeBytes;
      if (doFlush) {
        // Round up to include partial blocks
        nBlocksReady = Math.ceil(nBlocksReady);
      } else {
        // Round down to include only full blocks,
        // less the number of blocks that must remain in the buffer
        nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
      }

      // Count words ready
      var nWordsReady = nBlocksReady * blockSize;

      // Count bytes ready
      var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);

      // Process blocks
      if (nWordsReady) {
        for (var offset = 0; offset < nWordsReady; offset += blockSize) {
          // Perform concrete-algorithm logic
          this._doProcessBlock(dataWords, offset);
        }

        // Remove processed words
        var processedWords = dataWords.splice(0, nWordsReady);
        data.sigBytes -= nBytesReady;
      }

      // Return processed words
      return new WordArray.init(processedWords, nBytesReady);
    },

    /**
     * Creates a copy of this object.
     *
     * @return {Object} The clone.
     *
     * @example
     *
     *     var clone = bufferedBlockAlgorithm.clone();
     */
    clone: function () {
      var clone = Base.clone.call(this);
      clone._data = this._data.clone();

      return clone;
    },

    _minBufferSize: 0
  });

  /**
   * Abstract hasher template.
   *
   * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
   */
  var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
    /**
     * Configuration options.
     */
    cfg: Base.extend(),

    /**
     * Initializes a newly created hasher.
     *
     * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
     *
     * @example
     *
     *     var hasher = CryptoJS.algo.SHA256.create();
     */
    init: function (cfg) {
      // Apply config defaults
      this.cfg = this.cfg.extend(cfg);

      // Set initial values
      this.reset();
    },

    /**
     * Resets this hasher to its initial state.
     *
     * @example
     *
     *     hasher.reset();
     */
    reset: function () {
      // Reset data buffer
      BufferedBlockAlgorithm.reset.call(this);

      // Perform concrete-hasher logic
      this._doReset();
    },

    /**
     * Updates this hasher with a message.
     *
     * @param {WordArray|string} messageUpdate The message to append.
     *
     * @return {Hasher} This hasher.
     *
     * @example
     *
     *     hasher.update('message');
     *     hasher.update(wordArray);
     */
    update: function (messageUpdate) {
      // Append
      this._append(messageUpdate);

      // Update the hash
      this._process();

      // Chainable
      return this;
    },

    /**
     * Finalizes the hash computation.
     * Note that the finalize operation is effectively a destructive, read-once operation.
     *
     * @param {WordArray|string} messageUpdate (Optional) A final message update.
     *
     * @return {WordArray} The hash.
     *
     * @example
     *
     *     var hash = hasher.finalize();
     *     var hash = hasher.finalize('message');
     *     var hash = hasher.finalize(wordArray);
     */
    finalize: function (messageUpdate) {
      // Final message update
      if (messageUpdate) {
        this._append(messageUpdate);
      }

      // Perform concrete-hasher logic
      var hash = this._doFinalize();

      return hash;
    },

    blockSize: 512 / 32,

    /**
     * Creates a shortcut function to a hasher's object interface.
     *
     * @param {Hasher} hasher The hasher to create a helper for.
     *
     * @return {Function} The shortcut function.
     *
     * @static
     *
     * @example
     *
     *     var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
     */
    _createHelper: function (hasher) {
      return function (message, cfg) {
        return new hasher.init(cfg).finalize(message);
      };
    },

    /**
     * Creates a shortcut function to the HMAC's object interface.
     *
     * @param {Hasher} hasher The hasher to use in this HMAC helper.
     *
     * @return {Function} The shortcut function.
     *
     * @static
     *
     * @example
     *
     *     var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
     */
    _createHmacHelper: function (hasher) {
      return function (message, key) {
        return new C_algo.HMAC.init(hasher, key).finalize(message);
      };
    }
  });

  /**
   * Algorithm namespace.
   */
  var C_algo = C.algo = {};

  return C;
}(Math));


(function (Math) {
  // Shortcuts
  var C = CryptoJS;
  var C_lib = C.lib;
  var WordArray = C_lib.WordArray;
  var Hasher = C_lib.Hasher;
  var C_algo = C.algo;
  var C_enc = C.enc;

  // Initialization and round constants tables
  var H = [0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e];

  // Reusable object
  var W = [];
  var W_ = [];

  var SM3Zin_;

  /**
   * SM3 hash algorithm.
   */
  var SM3 = C_algo.SM3 = Hasher.extend({
    /*init: function(pubx, puby) {
        Hasher.init.call(this);
    },*/

    getZ: function (pubx, puby) {
      var Zhash = SM3Zin_.clone();
      // public key -x or -xy if puby is nonexist
      if (typeof pubx == 'string' && pubx.length == 130 && pubx.substr(0, 2) == '04')
        pubx = pubx.substr(2);
      Zhash.update(C_enc.Hex.parse(pubx));
      if (puby) { // public key -y
        Zhash.update(C_enc.Hex.parse(puby));
      }
      var zval = Zhash.finalize();
      return zval; // WordArray
    },

    zinit: function (pubx, puby) {
      var Zhash = SM3Zin_.clone();
      // public key -x or -xy if puby is nonexist
      if (typeof pubx == 'string' && pubx.length == 130 && pubx.substr(0, 2) == '04')
        pubx = pubx.substr(2);
      Zhash.update(C_enc.Hex.parse(pubx));
      if (puby) { // public key -y
        Zhash.update(C_enc.Hex.parse(puby));
      }
      var zval = Zhash.finalize();
      Zhash.init();
      Zhash.update(zval);
      return Zhash; // WordArray
    },

    _doReset: function () {
      this._hash = new WordArray.init(H.slice(0));
    },

    _doProcessBlock: function (M, offset) {
      // Shortcut
      var H = this._hash.words;

      // Working variables
      var a = H[0];
      var b = H[1];
      var c = H[2];
      var d = H[3];
      var e = H[4];
      var f = H[5];
      var g = H[6];
      var h = H[7];

      // Computation
      // W0..W67
      for (var i = 0; i < 16; i++) {
        W[i] = M[offset + i] | 0;
      }
      for (i = 16; i < 68; i++) {
        var Wi_3 = W[i - 3];
        var p1_arg = W[i - 16] ^ W[i - 9] ^ ((Wi_3 << 15) | (Wi_3 >>> 17));
        var Wi_13 = W[i - 13];
        var p1val = p1_arg ^ ((p1_arg << 15) | (p1_arg >>> 17)) ^ ((p1_arg << 23) | (p1_arg >>> 9))
        W[i] = p1val ^ ((Wi_13 << 7) | Wi_13 >>> 25) ^ W[i - 6];
      }
      // W'0..W'63
      for (i = 0; i < 64; ++i) {
        W_[i] = W[i] ^ W[i + 4];
      }

      //// consts
      var tj01 = 0x79cc4519;
      var tj02 = 0x7a879d8a;

      // variables
      var k, Alr12, SS0, SS1, SS2, TT1, TT2;

      /* first part, 0 ~ 15 */
      for (k = 0; k < 16; ++k) {
        Alr12 = ((a << 12) | (a >>> 20));
        SS0 = Alr12 + e + ((tj01 << k) | (tj01 >>> (32 - k)));
        SS1 = (SS0 << 7) | (SS0 >>> 25);
        SS2 = SS1 ^ Alr12;
        TT1 = ((a ^ b) ^ c) + d + SS2 + W_[k];
        TT2 = ((e ^ f) ^ g) + h + SS1 + W[k];
        d = c;
        c = (b << 9) | (b >>> 23);
        b = a;
        a = TT1;
        h = g;
        g = (f << 19) | (f >>> 13);
        f = e;
        e = (TT2 ^ ((TT2 << 9) | (TT2 >>> 23))) ^ ((TT2 << 17) | (TT2 >>> 15));
      }

      // second part, 16 ~ 63
      for (k = 16; k < 64; ++k) {
        var LRTj = tj02;
        if (k < 32) {
          LRTj = (tj02 << k) | (tj02 >>> (32 - k));
        } else if (k > 32) {
          LRTj = (tj02 << (k - 32)) | (tj02 >>> (64 - k));
        }
        Alr12 = ((a << 12) | (a >>> 20));
        SS0 = Alr12 + e + LRTj;
        SS1 = (SS0 << 7) | (SS0 >>> 25);
        SS2 = SS1 ^ Alr12;
        TT1 = ((a & b) | (a & c) | (b & c)) + d + SS2 + W_[k];
        TT2 = ((e & f) | ((~e) & g)) + h + SS1 + W[k];

        d = c;
        c = (b << 9) | (b >>> 23);
        b = a;
        a = TT1;
        h = g;
        g = (f << 19) | (f >>> 13);
        f = e;
        e = (TT2 ^ ((TT2 << 9) | (TT2 >>> 23))) ^ ((TT2 << 17) | (TT2 >>> 15));
      }

      /* reassign value */
      H[0] = a ^ H[0];
      H[1] = b ^ H[1];
      H[2] = c ^ H[2];
      H[3] = d ^ H[3];
      H[4] = e ^ H[4];
      H[5] = f ^ H[5];
      H[6] = g ^ H[6];
      H[7] = h ^ H[7];
    }, // endof _doProcessBlock

    _doFinalize: function () {
      // Shortcuts
      var data = this._data;
      var dataWords = data.words;

      var nBitsTotal = this._nDataBytes * 8;
      var nBitsLeft = data.sigBytes * 8;

      // Add padding
      dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
      dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
      dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
      data.sigBytes = dataWords.length * 4;

      // Hash final blocks
      this._process();

      // Return final computed hash
      return this._hash;
    },

    clone: function () {
      var clone = Hasher.clone.call(this);
      clone._hash = this._hash.clone();

      return clone;
    }
  });

  // calculate Z value first part
  (function () {
    // SM2 arguments
    var USER_ID = [0x31323334, 0x35363738, 0x31323334, 0x35363738];
    // Z = IDLEN(2) || userid || a || b || Gx || Gy || pubx || puby
    var Zin = [0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFC,  // a
      0x28E9FA9E, 0x9D9F5E34, 0x4D5A9E4B, 0xCF6509A7, 0xF39789F5, 0x15AB8F92, 0xDDBCBD41, 0x4D940E93,  // b
      0x32C4AE2C, 0x1F198119, 0x5F990446, 0x6A39C994, 0x8FE30BBF, 0xF2660BE1, 0x715A4589, 0x334C74C7,  // Gx
      0xBC3736A2, 0xF4F6779C, 0x59BDCEE3, 0x6B692153, 0xD0A9877C, 0xC62A4740, 0x02DF32E5, 0x2139F0A0]; // Gy

    SM3Zin_ = SM3.create();
    // ENTLEN
    SM3Zin_.update(new WordArray.init([0x00800000], 2));
    SM3Zin_.update(new WordArray.init(USER_ID));
    SM3Zin_.update(new WordArray.init(Zin));
  }());

  /**
   * Shortcut function to the hasher's object interface.
   *
   * @param {WordArray|string} message The message to hash.
   *
   * @return {WordArray} The hash.
   *
   * @static
   *
   * @example
   *
   *     var hash = CryptoJS.SM3('message');
   *     var hash = CryptoJS.SM3(wordArray);
   */
  C.SM3 = Hasher._createHelper(SM3);

  /**
   * Shortcut function to the HMAC's object interface.
   *
   * @param {WordArray|string} message The message to hash.
   * @param {WordArray|string} key The secret key.
   *
   * @return {WordArray} The HMAC.
   *
   * @static
   *
   * @example
   *
   *     var hmac = CryptoJS.HmacSHA256(message, key);
   */
  C.HmacSM3 = Hasher._createHmacHelper(SM3);
}(Math));


(function () {
  if (typeof xtx === 'undefined') {
    xtx = {};
  }

  if (!window.FileReader) {
    alert("�����������֧��HTML5��");
    return;
  }

  xtx.map = {};
  xtx.data = '00A4:A1E8,00A7:A1EC,00A8:A1A7,00B0:A1E3,00B1:A1C0,00B7:A1A4,00D7:A1C1,00E0:A8A4,00E1:A8A2,00E8:A8A8,00E9:A8A6,00EA:A8BA,00EC:A8AC,00ED:A8AA,00F2:A8B0,00F3:A8AE,00F7:A1C2,00F9:A8B4,00FA:A8B2,00FC:A8B9,0101:A8A1,0113:A8A5,011B:A8A7,012B:A8A9,014D:A8AD,016B:A8B1,01CE:A8A3,01D0:A8AB,01D2:A8AF,01D4:A8B3,01D6:A8B5,01D8:A8B6,01DA:A8B7,01DC:A8B8,02C7:A1A6,02C9:A1A5,0391:A6A1,0392:A6A2,0393:A6A3,0394:A6A4,0395:A6A5,0396:A6A6,0397:A6A7,0398:A6A8,0399:A6A9,039A:A6AA,039B:A6AB,039C:A6AC,039D:A6AD,039E:A6AE,039F:A6AF,03A0:A6B0,03A1:A6B1,03A3:A6B2,03A4:A6B3,03A5:A6B4,03A6:A6B5,03A7:A6B6,03A8:A6B7,03A9:A6B8,03B1:A6C1,03B2:A6C2,03B3:A6C3,03B4:A6C4,03B5:A6C5,03B6:A6C6,03B7:A6C7,03B8:A6C8,03B9:A6C9,03BA:A6CA,03BB:A6CB,03BC:A6CC,03BD:A6CD,03BE:A6CE,03BF:A6CF,03C0:A6D0,03C1:A6D1,03C3:A6D2,03C4:A6D3,03C5:A6D4,03C6:A6D5,03C7:A6D6,03C8:A6D7,03C9:A6D8,0401:A7A7,0410:A7A1,0411:A7A2,0412:A7A3,0413:A7A4,0414:A7A5,0415:A7A6,0416:A7A8,0417:A7A9,0418:A7AA,0419:A7AB,041A:A7AC,041B:A7AD,041C:A7AE,041D:A7AF,041E:A7B0,041F:A7B1,0420:A7B2,0421:A7B3,0422:A7B4,0423:A7B5,0424:A7B6,0425:A7B7,0426:A7B8,0427:A7B9,0428:A7BA,0429:A7BB,042A:A7BC,042B:A7BD,042C:A7BE,042D:A7BF,042E:A7C0,042F:A7C1,0430:A7D1,0431:A7D2,0432:A7D3,0433:A7D4,0434:A7D5,0435:A7D6,0436:A7D8,0437:A7D9,0438:A7DA,0439:A7DB,043A:A7DC,043B:A7DD,043C:A7DE,043D:A7DF,043E:A7E0,043F:A7E1,0440:A7E2,0441:A7E3,0442:A7E4,0443:A7E5,0444:A7E6,0445:A7E7,0446:A7E8,0447:A7E9,0448:A7EA,0449:A7EB,044A:A7EC,044B:A7ED,044C:A7EE,044D:A7EF,044E:A7F0,044F:A7F1,0451:A7D7,2014:A1AA,2016:A1AC,2018:A1AE,2019:A1AF,201C:A1B0,201D:A1B1,2026:A1AD,2030:A1EB,2032:A1E4,2033:A1E5,203B:A1F9,2103:A1E6,2116:A1ED,2160:A2F1,2161:A2F2,2162:A2F3,2163:A2F4,2164:A2F5,2165:A2F6,2166:A2F7,2167:A2F8,2168:A2F9,2169:A2FA,216A:A2FB,216B:A2FC,2190:A1FB,2191:A1FC,2192:A1FA,2193:A1FD,2208:A1CA,220F:A1C7,2211:A1C6,221A:A1CC,221D:A1D8,221E:A1DE,2220:A1CF,2225:A1CE,2227:A1C4,2228:A1C5,2229:A1C9,222A:A1C8,222B:A1D2,222E:A1D3,2234:A1E0,2235:A1DF,2236:A1C3,2237:A1CB,223D:A1D7,2248:A1D6,224C:A1D5,2260:A1D9,2261:A1D4,2264:A1DC,2265:A1DD,226E:A1DA,226F:A1DB,2299:A1D1,22A5:A1CD,2312:A1D0,2460:A2D9,2461:A2DA,2462:A2DB,2463:A2DC,2464:A2DD,2465:A2DE,2466:A2DF,2467:A2E0,2468:A2E1,2469:A2E2,2474:A2C5,2475:A2C6,2476:A2C7,2477:A2C8,2478:A2C9,2479:A2CA,247A:A2CB,247B:A2CC,247C:A2CD,247D:A2CE,247E:A2CF,247F:A2D0,2480:A2D1,2481:A2D2,2482:A2D3,2483:A2D4,2484:A2D5,2485:A2D6,2486:A2D7,2487:A2D8,2488:A2B1,2489:A2B2,248A:A2B3,248B:A2B4,248C:A2B5,248D:A2B6,248E:A2B7,248F:A2B8,2490:A2B9,2491:A2BA,2492:A2BB,2493:A2BC,2494:A2BD,2495:A2BE,2496:A2BF,2497:A2C0,2498:A2C1,2499:A2C2,249A:A2C3,249B:A2C4,2500:A9A4,2501:A9A5,2502:A9A6,2503:A9A7,2504:A9A8,2505:A9A9,2506:A9AA,2507:A9AB,2508:A9AC,2509:A9AD,250A:A9AE,250B:A9AF,250C:A9B0,250D:A9B1,250E:A9B2,250F:A9B3,2510:A9B4,2511:A9B5,2512:A9B6,2513:A9B7,2514:A9B8,2515:A9B9,2516:A9BA,2517:A9BB,2518:A9BC,2519:A9BD,251A:A9BE,251B:A9BF,251C:A9C0,251D:A9C1,251E:A9C2,251F:A9C3,2520:A9C4,2521:A9C5,2522:A9C6,2523:A9C7,2524:A9C8,2525:A9C9,2526:A9CA,2527:A9CB,2528:A9CC,2529:A9CD,252A:A9CE,252B:A9CF,252C:A9D0,252D:A9D1,252E:A9D2,252F:A9D3,2530:A9D4,2531:A9D5,2532:A9D6,2533:A9D7,2534:A9D8,2535:A9D9,2536:A9DA,2537:A9DB,2538:A9DC,2539:A9DD,253A:A9DE,253B:A9DF,253C:A9E0,253D:A9E1,253E:A9E2,253F:A9E3,2540:A9E4,2541:A9E5,2542:A9E6,2543:A9E7,2544:A9E8,2545:A9E9,2546:A9EA,2547:A9EB,2548:A9EC,2549:A9ED,254A:A9EE,254B:A9EF,25A0:A1F6,25A1:A1F5,25B2:A1F8,25B3:A1F7,25C6:A1F4,25C7:A1F3,25CB:A1F0,25CE:A1F2,25CF:A1F1,2605:A1EF,2606:A1EE,2640:A1E2,2642:A1E1,3000:A1A1,3001:A1A2,3002:A1A3,3003:A1A8,3005:A1A9,3008:A1B4,3009:A1B5,300A:A1B6,300B:A1B7,300C:A1B8,300D:A1B9,300E:A1BA,300F:A1BB,3010:A1BE,3011:A1BF,3013:A1FE,3014:A1B2,3015:A1B3,3016:A1BC,3017:A1BD,3041:A4A1,3042:A4A2,3043:A4A3,3044:A4A4,3045:A4A5,3046:A4A6,3047:A4A7,3048:A4A8,3049:A4A9,304A:A4AA,304B:A4AB,304C:A4AC,304D:A4AD,304E:A4AE,304F:A4AF,3050:A4B0,3051:A4B1,3052:A4B2,3053:A4B3,3054:A4B4,3055:A4B5,3056:A4B6,3057:A4B7,3058:A4B8,3059:A4B9,305A:A4BA,305B:A4BB,305C:A4BC,305D:A4BD,305E:A4BE,305F:A4BF,3060:A4C0,3061:A4C1,3062:A4C2,3063:A4C3,3064:A4C4,3065:A4C5,3066:A4C6,3067:A4C7,3068:A4C8,3069:A4C9,306A:A4CA,306B:A4CB,306C:A4CC,306D:A4CD,306E:A4CE,306F:A4CF,3070:A4D0,3071:A4D1,3072:A4D2,3073:A4D3,3074:A4D4,3075:A4D5,3076:A4D6,3077:A4D7,3078:A4D8,3079:A4D9,307A:A4DA,307B:A4DB,307C:A4DC,307D:A4DD,307E:A4DE,307F:A4DF,3080:A4E0,3081:A4E1,3082:A4E2,3083:A4E3,3084:A4E4,3085:A4E5,3086:A4E6,3087:A4E7,3088:A4E8,3089:A4E9,308A:A4EA,308B:A4EB,308C:A4EC,308D:A4ED,308E:A4EE,308F:A4EF,3090:A4F0,3091:A4F1,3092:A4F2,3093:A4F3,30A1:A5A1,30A2:A5A2,30A3:A5A3,30A4:A5A4,30A5:A5A5,30A6:A5A6,30A7:A5A7,30A8:A5A8,30A9:A5A9,30AA:A5AA,30AB:A5AB,30AC:A5AC,30AD:A5AD,30AE:A5AE,30AF:A5AF,30B0:A5B0,30B1:A5B1,30B2:A5B2,30B3:A5B3,30B4:A5B4,30B5:A5B5,30B6:A5B6,30B7:A5B7,30B8:A5B8,30B9:A5B9,30BA:A5BA,30BB:A5BB,30BC:A5BC,30BD:A5BD,30BE:A5BE,30BF:A5BF,30C0:A5C0,30C1:A5C1,30C2:A5C2,30C3:A5C3,30C4:A5C4,30C5:A5C5,30C6:A5C6,30C7:A5C7,30C8:A5C8,30C9:A5C9,30CA:A5CA,30CB:A5CB,30CC:A5CC,30CD:A5CD,30CE:A5CE,30CF:A5CF,30D0:A5D0,30D1:A5D1,30D2:A5D2,30D3:A5D3,30D4:A5D4,30D5:A5D5,30D6:A5D6,30D7:A5D7,30D8:A5D8,30D9:A5D9,30DA:A5DA,30DB:A5DB,30DC:A5DC,30DD:A5DD,30DE:A5DE,30DF:A5DF,30E0:A5E0,30E1:A5E1,30E2:A5E2,30E3:A5E3,30E4:A5E4,30E5:A5E5,30E6:A5E6,30E7:A5E7,30E8:A5E8,30E9:A5E9,30EA:A5EA,30EB:A5EB,30EC:A5EC,30ED:A5ED,30EE:A5EE,30EF:A5EF,30F0:A5F0,30F1:A5F1,30F2:A5F2,30F3:A5F3,30F4:A5F4,30F5:A5F5,30F6:A5F6,3105:A8C5,3106:A8C6,3107:A8C7,3108:A8C8,3109:A8C9,310A:A8CA,310B:A8CB,310C:A8CC,310D:A8CD,310E:A8CE,310F:A8CF,3110:A8D0,3111:A8D1,3112:A8D2,3113:A8D3,3114:A8D4,3115:A8D5,3116:A8D6,3117:A8D7,3118:A8D8,3119:A8D9,311A:A8DA,311B:A8DB,311C:A8DC,311D:A8DD,311E:A8DE,311F:A8DF,3120:A8E0,3121:A8E1,3122:A8E2,3123:A8E3,3124:A8E4,3125:A8E5,3126:A8E6,3127:A8E7,3128:A8E8,3129:A8E9,3220:A2E5,3221:A2E6,3222:A2E7,3223:A2E8,3224:A2E9,3225:A2EA,3226:A2EB,3227:A2EC,3228:A2ED,3229:A2EE,4E00:D2BB,4E01:B6A1,4E03:C6DF,4E07:CDF2,4E08:D5C9,4E09:C8FD,4E0A:C9CF,4E0B:CFC2,4E0C:D8A2,4E0D:B2BB,4E0E:D3EB,4E10:D8A4,4E11:B3F3,4E13:D7A8,4E14:C7D2,4E15:D8A7,4E16:CAC0,4E18:C7F0,4E19:B1FB,4E1A:D2B5,4E1B:B4D4,4E1C:B6AB,4E1D:CBBF,4E1E:D8A9,4E22:B6AA,4E24:C1BD,4E25:D1CF,4E27:C9A5,4E28:D8AD,4E2A:B8F6,4E2B:D1BE,4E2C:E3DC,4E2D:D6D0,4E30:B7E1,4E32:B4AE,4E34:C1D9,4E36:D8BC,4E38:CDE8,4E39:B5A4,4E3A:CEAA,4E3B:D6F7,4E3D:C0F6,4E3E:BED9,4E3F:D8AF,4E43:C4CB,4E45:BEC3,4E47:D8B1,4E48:C3B4,4E49:D2E5,4E4B:D6AE,4E4C:CEDA,4E4D:D5A7,4E4E:BAF5,4E4F:B7A6,4E50:C0D6,4E52:C6B9,4E53:C5D2,4E54:C7C7,4E56:B9D4,4E58:B3CB,4E59:D2D2,4E5C:D8BF,4E5D:BEC5,4E5E:C6F2,4E5F:D2B2,4E60:CFB0,4E61:CFE7,4E66:CAE9,4E69:D8C0,4E70:C2F2,4E71:C2D2,4E73:C8E9,4E7E:C7AC,4E86:C1CB,4E88:D3E8,4E89:D5F9,4E8B:CAC2,4E8C:B6FE,4E8D:D8A1,4E8E:D3DA,4E8F:BFF7,4E91:D4C6,4E92:BBA5,4E93:D8C1,4E94:CEE5,4E95:BEAE,4E98:D8A8,4E9A:D1C7,4E9B:D0A9,4E9F:D8BD,4EA0:D9EF,4EA1:CDF6,4EA2:BFBA,4EA4:BDBB,4EA5:BAA5,4EA6:D2E0,4EA7:B2FA,4EA8:BAE0,4EA9:C4B6,4EAB:CFED,4EAC:BEA9,4EAD:CDA4,4EAE:C1C1,4EB2:C7D7,4EB3:D9F1,4EB5:D9F4,4EBA:C8CB,4EBB:D8E9,4EBF:D2DA,4EC0:CAB2,4EC1:C8CA,4EC2:D8EC,4EC3:D8EA,4EC4:D8C6,4EC5:BDF6,4EC6:C6CD,4EC7:B3F0,4EC9:D8EB,4ECA:BDF1,4ECB:BDE9,4ECD:C8D4,4ECE:B4D3,4ED1:C2D8,4ED3:B2D6,4ED4:D7D0,4ED5:CACB,4ED6:CBFB,4ED7:D5CC,4ED8:B8B6,4ED9:CFC9,4EDD:D9DA,4EDE:D8F0,4EDF:C7AA,4EE1:D8EE,4EE3:B4FA,4EE4:C1EE,4EE5:D2D4,4EE8:D8ED,4EEA:D2C7,4EEB:D8EF,4EEC:C3C7,4EF0:D1F6,4EF2:D6D9,4EF3:D8F2,4EF5:D8F5,4EF6:BCFE,4EF7:BCDB,4EFB:C8CE,4EFD:B7DD,4EFF:B7C2,4F01:C6F3,4F09:D8F8,4F0A:D2C1,4F0D:CEE9,4F0E:BCBF,4F0F:B7FC,4F10:B7A5,4F11:D0DD,4F17:D6DA,4F18:D3C5,4F19:BBEF,4F1A:BBE1,4F1B:D8F1,4F1E:C9A1,4F1F:CEB0,4F20:B4AB,4F22:D8F3,4F24:C9CB,4F25:D8F6,4F26:C2D7,4F27:D8F7,4F2A:CEB1,4F2B:D8F9,4F2F:B2AE,4F30:B9C0,4F32:D9A3,4F34:B0E9,4F36:C1E6,4F38:C9EC,4F3A:CBC5,4F3C:CBC6,4F3D:D9A4,4F43:B5E8,4F46:B5AB,4F4D:CEBB,4F4E:B5CD,4F4F:D7A1,4F50:D7F4,4F51:D3D3,4F53:CCE5,4F55:BACE,4F57:D9A2,4F58:D9DC,4F59:D3E0,4F5A:D8FD,4F5B:B7F0,4F5C:D7F7,4F5D:D8FE,4F5E:D8FA,4F5F:D9A1,4F60:C4E3,4F63:D3B6,4F64:D8F4,4F65:D9DD,4F67:D8FB,4F69:C5E5,4F6C:C0D0,4F6F:D1F0,4F70:B0DB,4F73:BCD1,4F74:D9A6,4F76:D9A5,4F7B:D9AC,4F7C:D9AE,4F7E:D9AB,4F7F:CAB9,4F83:D9A9,4F84:D6B6,4F88:B3DE,4F89:D9A8,4F8B:C0FD,4F8D:CACC,4F8F:D9AA,4F91:D9A7,4F94:D9B0,4F97:B6B1,4F9B:B9A9,4F9D:D2C0,4FA0:CFC0,4FA3:C2C2,4FA5:BDC4,4FA6:D5EC,4FA7:B2E0,4FA8:C7C8,4FA9:BFEB,4FAA:D9AD,4FAC:D9AF,4FAE:CEEA,4FAF:BAEE,4FB5:C7D6,4FBF:B1E3,4FC3:B4D9,4FC4:B6ED,4FC5:D9B4,4FCA:BFA1,4FCE:D9DE,4FCF:C7CE,4FD0:C0FE,4FD1:D9B8,4FD7:CBD7,4FD8:B7FD,4FDA:D9B5,4FDC:D9B7,4FDD:B1A3,4FDE:D3E1,4FDF:D9B9,4FE1:D0C5,4FE3:D9B6,4FE6:D9B1,4FE8:D9B2,4FE9:C1A9,4FEA:D9B3,4FED:BCF3,4FEE:D0DE,4FEF:B8A9,4FF1:BEE3,4FF3:D9BD,4FF8:D9BA,4FFA:B0B3,4FFE:D9C2,500C:D9C4,500D:B1B6,500F:D9BF,5012:B5B9,5014:BEF3,5018:CCC8,5019:BAF2,501A:D2D0,501C:D9C3,501F:BDE8,5021:B3AB,5025:D9C5,5026:BEEB,5028:D9C6,5029:D9BB,502A:C4DF,502C:D9BE,502D:D9C1,502E:D9C0,503A:D5AE,503C:D6B5,503E:C7E3,5043:D9C8,5047:BCD9,5048:D9CA,504C:D9BC,504E:D9CB,504F:C6AB,5055:D9C9,505A:D7F6,505C:CDA3,5065:BDA1,506C:D9CC,5076:C5BC,5077:CDB5,507B:D9CD,507E:D9C7,507F:B3A5,5080:BFFE,5085:B8B5,5088:C0FC,508D:B0F8,50A3:B4F6,50A5:D9CE,50A7:D9CF,50A8:B4A2,50A9:D9D0,50AC:B4DF,50B2:B0C1,50BA:D9D1,50BB:C9B5,50CF:CFF1,50D6:D9D2,50DA:C1C5,50E6:D9D6,50E7:C9AE,50EC:D9D5,50ED:D9D4,50EE:D9D7,50F3:CBDB,50F5:BDA9,50FB:C6A7,5106:D9D3,5107:D9D8,510B:D9D9,5112:C8E5,5121:C0DC,513F:B6F9,5140:D8A3,5141:D4CA,5143:D4AA,5144:D0D6,5145:B3E4,5146:D5D7,5148:CFC8,5149:B9E2,514B:BFCB,514D:C3E2,5151:B6D2,5154:CDC3,5155:D9EE,5156:D9F0,515A:B5B3,515C:B6B5,5162:BEA4,5165:C8EB,5168:C8AB,516B:B0CB,516C:B9AB,516D:C1F9,516E:D9E2,5170:C0BC,5171:B9B2,5173:B9D8,5174:D0CB,5175:B1F8,5176:C6E4,5177:BEDF,5178:B5E4,5179:D7C8,517B:D1F8,517C:BCE6,517D:CADE,5180:BCBD,5181:D9E6,5182:D8E7,5185:C4DA,5188:B8D4,5189:C8BD,518C:B2E1,518D:D4D9,5192:C3B0,5195:C3E1,5196:DAA2,5197:C8DF,5199:D0B4,519B:BEFC,519C:C5A9,51A0:B9DA,51A2:DAA3,51A4:D4A9,51A5:DAA4,51AB:D9FB,51AC:B6AC,51AF:B7EB,51B0:B1F9,51B1:D9FC,51B2:B3E5,51B3:BEF6,51B5:BFF6,51B6:D2B1,51B7:C0E4,51BB:B6B3,51BC:D9FE,51BD:D9FD,51C0:BEBB,51C4:C6E0,51C6:D7BC,51C7:DAA1,51C9:C1B9,51CB:B5F2,51CC:C1E8,51CF:BCF5,51D1:B4D5,51DB:C1DD,51DD:C4FD,51E0:BCB8,51E1:B7B2,51E4:B7EF,51EB:D9EC,51ED:C6BE,51EF:BFAD,51F0:BBCB,51F3:B5CA,51F5:DBC9,51F6:D0D7,51F8:CDB9,51F9:B0BC,51FA:B3F6,51FB:BBF7,51FC:DBCA,51FD:BAAF,51FF:D4E4,5200:B5B6,5201:B5F3,5202:D8D6,5203:C8D0,5206:B7D6,5207:C7D0,5208:D8D7,520A:BFAF,520D:DBBB,520E:D8D8,5211:D0CC,5212:BBAE,5216:EBBE,5217:C1D0,5218:C1F5,5219:D4F2,521A:B8D5,521B:B4B4,521D:B3F5,5220:C9BE,5224:C5D0,5228:C5D9,5229:C0FB,522B:B1F0,522D:D8D9,522E:B9CE,5230:B5BD,5233:D8DA,5236:D6C6,5237:CBA2,5238:C8AF,5239:C9B2,523A:B4CC,523B:BFCC,523D:B9F4,523F:D8DB,5240:D8DC,5241:B6E7,5242:BCC1,5243:CCEA,524A:CFF7,524C:D8DD,524D:C7B0,5250:B9D0,5251:BDA3,5254:CCDE,5256:C6CA,525C:D8E0,525E:D8DE,5261:D8DF,5265:B0FE,5267:BEE7,5269:CAA3,526A:BCF4,526F:B8B1,5272:B8EE,527D:D8E2,527F:BDCB,5281:D8E4,5282:D8E3,5288:C5FC,5290:D8E5,5293:D8E6,529B:C1A6,529D:C8B0,529E:B0EC,529F:B9A6,52A0:BCD3,52A1:CEF1,52A2:DBBD,52A3:C1D3,52A8:B6AF,52A9:D6FA,52AA:C5AC,52AB:BDD9,52AC:DBBE,52AD:DBBF,52B1:C0F8,52B2:BEA2,52B3:C0CD,52BE:DBC0,52BF:CAC6,52C3:B2AA,52C7:D3C2,52C9:C3E3,52CB:D1AB,52D0:DBC2,52D2:C0D5,52D6:DBC3,52D8:BFB1,52DF:C4BC,52E4:C7DA,52F0:DBC4,52F9:D9E8,52FA:C9D7,52FE:B9B4,52FF:CEF0,5300:D4C8,5305:B0FC,5306:B4D2,5308:D0D9,530D:D9E9,530F:DECB,5310:D9EB,5315:D8B0,5316:BBAF,5317:B1B1,5319:B3D7,531A:D8CE,531D:D4D1,5320:BDB3,5321:BFEF,5323:CFBB,5326:D8D0,532A:B7CB,532E:D8D1,5339:C6A5,533A:C7F8,533B:D2BD,533E:D8D2,533F:C4E4,5341:CAAE,5343:C7A7,5345:D8A6,5347:C9FD,5348:CEE7,5349:BBDC,534A:B0EB,534E:BBAA,534F:D0AD,5351:B1B0,5352:D7E4,5353:D7BF,5355:B5A5,5356:C2F4,5357:C4CF,535A:B2A9,535C:B2B7,535E:B1E5,535F:DFB2,5360:D5BC,5361:BFA8,5362:C2AC,5363:D8D5,5364:C2B1,5366:D8D4,5367:CED4,5369:DAE0,536B:CEC0,536E:D8B4,536F:C3AE,5370:D3A1,5371:CEA3,5373:BCB4,5374:C8B4,5375:C2D1,5377:BEED,5378:D0B6,537A:DAE1,537F:C7E4,5382:B3A7,5384:B6F2,5385:CCFC,5386:C0FA,5389:C0F7,538B:D1B9,538C:D1E1,538D:D8C7,5395:B2DE,5398:C0E5,539A:BAF1,539D:D8C8,539F:D4AD,53A2:CFE1,53A3:D8C9,53A5:D8CA,53A6:CFC3,53A8:B3F8,53A9:BEC7,53AE:D8CB,53B6:DBCC,53BB:C8A5,53BF:CFD8,53C1:C8FE,53C2:B2CE,53C8:D3D6,53C9:B2E6,53CA:BCB0,53CB:D3D1,53CC:CBAB,53CD:B7B4,53D1:B7A2,53D4:CAE5,53D6:C8A1,53D7:CADC,53D8:B1E4,53D9:D0F0,53DB:C5D1,53DF:DBC5,53E0:B5FE,53E3:BFDA,53E4:B9C5,53E5:BEE4,53E6:C1ED,53E8:DFB6,53E9:DFB5,53EA:D6BB,53EB:BDD0,53EC:D5D9,53ED:B0C8,53EE:B6A3,53EF:BFC9,53F0:CCA8,53F1:DFB3,53F2:CAB7,53F3:D3D2,53F5:D8CF,53F6:D2B6,53F7:BAC5,53F8:CBBE,53F9:CCBE,53FB:DFB7,53FC:B5F0,53FD:DFB4,5401:D3F5,5403:B3D4,5404:B8F7,5406:DFBA,5408:BACF,5409:BCAA,540A:B5F5,540C:CDAC,540D:C3FB,540E:BAF3,540F:C0F4,5410:CDC2,5411:CFF2,5412:DFB8,5413:CFC5,5415:C2C0,5416:DFB9,5417:C2F0,541B:BEFD,541D:C1DF,541E:CDCC,541F:D2F7,5420:B7CD,5421:DFC1,5423:DFC4,5426:B7F1,5427:B0C9,5428:B6D6,5429:B7D4,542B:BAAC,542C:CCFD,542D:BFD4,542E:CBB1,542F:C6F4,5431:D6A8,5432:DFC5,5434:CEE2,5435:B3B3,5438:CEFC,5439:B4B5,543B:CEC7,543C:BAF0,543E:CEE1,5440:D1BD,5443:DFC0,5446:B4F4,5448:B3CA,544A:B8E6,544B:DFBB,5450:C4C5,5452:DFBC,5453:DFBD,5454:DFBE,5455:C5BB,5456:DFBF,5457:DFC2,5458:D4B1,5459:DFC3,545B:C7BA,545C:CED8,5462:C4D8,5464:DFCA,5466:DFCF,5468:D6DC,5471:DFC9,5472:DFDA,5473:CEB6,5475:BAC7,5476:DFCE,5477:DFC8,5478:C5DE,547B:C9EB,547C:BAF4,547D:C3FC,5480:BED7,5482:DFC6,5484:DFCD,5486:C5D8,548B:D5A6,548C:BACD,548E:BECC,548F:D3BD,5490:B8C0,5492:D6E4,5494:DFC7,5495:B9BE,5496:BFA7,5499:C1FC,549A:DFCB,549B:DFCC,549D:DFD0,54A3:DFDB,54A4:DFE5,54A6:DFD7,54A7:DFD6,54A8:D7C9,54A9:DFE3,54AA:DFE4,54AB:E5EB,54AC:D2A7,54AD:DFD2,54AF:BFA9,54B1:D4DB,54B3:BFC8,54B4:DFD4,54B8:CFCC,54BB:DFDD,54BD:D1CA,54BF:DFDE,54C0:B0A7,54C1:C6B7,54C2:DFD3,54C4:BAE5,54C6:B6DF,54C7:CDDB,54C8:B9FE,54C9:D4D5,54CC:DFDF,54CD:CFEC,54CE:B0A5,54CF:DFE7,54D0:DFD1,54D1:D1C6,54D2:DFD5,54D3:DFD8,54D4:DFD9,54D5:DFDC,54D7:BBA9,54D9:DFE0,54DA:DFE1,54DC:DFE2,54DD:DFE6,54DE:DFE8,54DF:D3B4,54E5:B8E7,54E6:C5B6,54E7:DFEA,54E8:C9DA,54E9:C1A8,54EA:C4C4,54ED:BFDE,54EE:CFF8,54F2:D5DC,54F3:DFEE,54FA:B2B8,54FC:BADF,54FD:DFEC,54FF:DBC1,5501:D1E4,5506:CBF4,5507:B4BD,5509:B0A6,550F:DFF1,5510:CCC6,5511:DFF2,5514:DFED,551B:DFE9,5520:DFEB,5522:DFEF,5523:DFF0,5524:BBBD,5527:DFF3,552A:DFF4,552C:BBA3,552E:CADB,552F:CEA8,5530:E0A7,5531:B3AA,5533:E0A6,5537:E0A1,553C:DFFE,553E:CDD9,553F:DFFC,5541:DFFA,5543:BFD0,5544:D7C4,5546:C9CC,5549:DFF8,554A:B0A1,5550:DFFD,5555:DFFB,5556:E0A2,555C:E0A8,5561:B7C8,5564:C6A1,5565:C9B6,5566:C0B2,5567:DFF5,556A:C5BE,556C:D8C4,556D:DFF9,556E:C4F6,5575:E0A3,5576:E0A4,5577:E0A5,5578:D0A5,557B:E0B4,557C:CCE4,557E:E0B1,5580:BFA6,5581:E0AF,5582:CEB9,5583:E0AB,5584:C9C6,5587:C0AE,5588:E0AE,5589:BAED,558A:BAB0,558B:E0A9,558F:DFF6,5591:E0B3,5594:E0B8,5598:B4AD,5599:E0B9,559C:CFB2,559D:BAC8,559F:E0B0,55A7:D0FA,55B1:E0AC,55B3:D4FB,55B5:DFF7,55B7:C5E7,55B9:E0AD,55BB:D3F7,55BD:E0B6,55BE:E0B7,55C4:E0C4,55C5:D0E1,55C9:E0BC,55CC:E0C9,55CD:E0CA,55D1:E0BE,55D2:E0AA,55D3:C9A4,55D4:E0C1,55D6:E0B2,55DC:CAC8,55DD:E0C3,55DF:E0B5,55E1:CECB,55E3:CBC3,55E4:E0CD,55E5:E0C6,55E6:E0C2,55E8:E0CB,55EA:E0BA,55EB:E0BF,55EC:E0C0,55EF:E0C5,55F2:E0C7,55F3:E0C8,55F5:E0CC,55F7:E0BB,55FD:CBD4,55FE:E0D5,5600:E0D6,5601:E0D2,5608:E0D0,5609:BCCE,560C:E0D1,560E:B8C2,560F:D8C5,5618:D0EA,561B:C2EF,561E:E0CF,561F:E0BD,5623:E0D4,5624:E0D3,5627:E0D7,562C:E0DC,562D:E0D8,5631:D6F6,5632:B3B0,5634:D7EC,5636:CBBB,5639:E0DA,563B:CEFB,563F:BAD9,564C:E0E1,564D:E0DD,564E:D2AD,5654:E0E2,5657:E0DB,5658:E0D9,5659:E0DF,565C:E0E0,5662:E0DE,5664:E0E4,5668:C6F7,5669:D8AC,566A:D4EB,566B:E0E6,566C:CAC9,5671:E0E5,5676:B8C1,567B:E0E7,567C:E0E8,5685:E0E9,5686:E0E3,568E:BABF,568F:CCE7,5693:E0EA,56A3:CFF9,56AF:E0EB,56B7:C8C2,56BC:BDC0,56CA:C4D2,56D4:E0EC,56D7:E0ED,56DA:C7F4,56DB:CBC4,56DD:E0EE,56DE:BBD8,56DF:D8B6,56E0:D2F2,56E1:E0EF,56E2:CDC5,56E4:B6DA,56EB:E0F1,56ED:D4B0,56F0:C0A7,56F1:B4D1,56F4:CEA7,56F5:E0F0,56F9:E0F2,56FA:B9CC,56FD:B9FA,56FE:CDBC,56FF:E0F3,5703:C6D4,5704:E0F4,5706:D4B2,5708:C8A6,5709:E0F6,570A:E0F5,571C:E0F7,571F:CDC1,5723:CAA5,5728:D4DA,5729:DBD7,572A:DBD9,572C:DBD8,572D:B9E7,572E:DBDC,572F:DBDD,5730:B5D8,5733:DBDA,5739:DBDB,573A:B3A1,573B:DBDF,573E:BBF8,5740:D6B7,5742:DBE0,5747:BEF9,574A:B7BB,574C:DBD0,574D:CCAE,574E:BFB2,574F:BBB5,5750:D7F8,5751:BFD3,5757:BFE9,575A:BCE1,575B:CCB3,575C:DBDE,575D:B0D3,575E:CEEB,575F:B7D8,5760:D7B9,5761:C6C2,5764:C0A4,5766:CCB9,5768:DBE7,5769:DBE1,576A:C6BA,576B:DBE3,576D:DBE8,576F:C5F7,5773:DBEA,5776:DBE9,5777:BFC0,577B:DBE6,577C:DBE5,5782:B4B9,5783:C0AC,5784:C2A2,5785:DBE2,5786:DBE4,578B:D0CD,578C:DBED,5792:C0DD,5793:DBF2,579B:B6E2,57A0:DBF3,57A1:DBD2,57A2:B9B8,57A3:D4AB,57A4:DBEC,57A6:BFD1,57A7:DBF0,57A9:DBD1,57AB:B5E6,57AD:DBEB,57AE:BFE5,57B2:DBEE,57B4:DBF1,57B8:DBF9,57C2:B9A1,57C3:B0A3,57CB:C2F1,57CE:B3C7,57CF:DBEF,57D2:DBF8,57D4:C6D2,57D5:DBF4,57D8:DBF5,57D9:DBF7,57DA:DBF6,57DD:DBFE,57DF:D3F2,57E0:B2BA,57E4:DBFD,57ED:DCA4,57EF:DBFB,57F4:DBFA,57F8:DBFC,57F9:C5E0,57FA:BBF9,57FD:DCA3,5800:DCA5,5802:CCC3,5806:B6D1,5807:DDC0,580B:DCA1,580D:DCA2,5811:C7B5,5815:B6E9,5819:DCA7,581E:DCA6,5820:DCA9,5821:B1A4,5824:B5CC,582A:BFB0,5830:D1DF,5835:B6C2,5844:DCA8,584C:CBFA,584D:EBF3,5851:CBDC,5854:CBFE,5858:CCC1,585E:C8FB,5865:DCAA,586B:CCEE,586C:DCAB,587E:DBD3,5880:DCAF,5881:DCAC,5883:BEB3,5885:CAFB,5889:DCAD,5892:C9CA,5893:C4B9,5899:C7BD,589A:DCAE,589E:D4F6,589F:D0E6,58A8:C4AB,58A9:B6D5,58BC:DBD4,58C1:B1DA,58C5:DBD5,58D1:DBD6,58D5:BABE,58E4:C8C0,58EB:CABF,58EC:C8C9,58EE:D7B3,58F0:C9F9,58F3:BFC7,58F6:BAF8,58F9:D2BC,5902:E2BA,5904:B4A6,5907:B1B8,590D:B8B4,590F:CFC4,5914:D9E7,5915:CFA6,5916:CDE2,5919:D9ED,591A:B6E0,591C:D2B9,591F:B9BB,5924:E2B9,5925:E2B7,5927:B4F3,5929:CCEC,592A:CCAB,592B:B7F2,592D:D8B2,592E:D1EB,592F:BABB,5931:CAA7,5934:CDB7,5937:D2C4,5938:BFE4,5939:BCD0,593A:B6E1,593C:DEC5,5941:DEC6,5942:DBBC,5944:D1D9,5947:C6E6,5948:C4CE,5949:B7EE,594B:B7DC,594E:BFFC,594F:D7E0,5951:C6F5,5954:B1BC,5955:DEC8,5956:BDB1,5957:CCD7,5958:DECA,595A:DEC9,5960:B5EC,5962:C9DD,5965:B0C2,5973:C5AE,5974:C5AB,5976:C4CC,5978:BCE9,5979:CBFD,597D:BAC3,5981:E5F9,5982:C8E7,5983:E5FA,5984:CDFD,5986:D7B1,5987:B8BE,5988:C2E8,598A:C8D1,598D:E5FB,5992:B6CA,5993:BCCB,5996:D1FD,5997:E6A1,5999:C3EE,599E:E6A4,59A3:E5FE,59A4:E6A5,59A5:CDD7,59A8:B7C1,59A9:E5FC,59AA:E5FD,59AB:E6A3,59AE:C4DD,59AF:E6A8,59B2:E6A7,59B9:C3C3,59BB:C6DE,59BE:E6AA,59C6:C4B7,59CA:E6A2,59CB:CABC,59D0:BDE3,59D1:B9C3,59D2:E6A6,59D3:D0D5,59D4:CEAF,59D7:E6A9,59D8:E6B0,59DA:D2A6,59DC:BDAA,59DD:E6AD,59E3:E6AF,59E5:C0D1,59E8:D2CC,59EC:BCA7,59F9:E6B1,59FB:D2F6,59FF:D7CB,5A01:CDFE,5A03:CDDE,5A04:C2A6,5A05:E6AB,5A06:E6AC,5A07:BDBF,5A08:E6AE,5A09:E6B3,5A0C:E6B2,5A11:E6B6,5A13:E6B8,5A18:C4EF,5A1C:C4C8,5A1F:BEEA,5A20:C9EF,5A23:E6B7,5A25:B6F0,5A29:C3E4,5A31:D3E9,5A32:E6B4,5A34:E6B5,5A36:C8A2,5A3C:E6BD,5A40:E6B9,5A46:C6C5,5A49:CDF1,5A4A:E6BB,5A55:E6BC,5A5A:BBE9,5A62:E6BE,5A67:E6BA,5A6A:C0B7,5A74:D3A4,5A75:E6BF,5A76:C9F4,5A77:E6C3,5A7A:E6C4,5A7F:D0F6,5A92:C3BD,5A9A:C3C4,5A9B:E6C2,5AAA:E6C1,5AB2:E6C7,5AB3:CFB1,5AB5:EBF4,5AB8:E6CA,5ABE:E6C5,5AC1:BCDE,5AC2:C9A9,5AC9:BCB5,5ACC:CFD3,5AD2:E6C8,5AD4:E6C9,5AD6:E6CE,5AD8:E6D0,5ADC:E6D1,5AE0:E6CB,5AE1:B5D5,5AE3:E6CC,5AE6:E6CF,5AE9:C4DB,5AEB:E6C6,5AF1:E6CD,5B09:E6D2,5B16:E6D4,5B17:E6D3,5B32:E6D5,5B34:D9F8,5B37:E6D6,5B40:E6D7,5B50:D7D3,5B51:E6DD,5B53:E6DE,5B54:BFD7,5B55:D4D0,5B57:D7D6,5B58:B4E6,5B59:CBEF,5B5A:E6DA,5B5B:D8C3,5B5C:D7CE,5B5D:D0A2,5B5F:C3CF,5B62:E6DF,5B63:BCBE,5B64:B9C2,5B65:E6DB,5B66:D1A7,5B69:BAA2,5B6A:C2CF,5B6C:D8AB,5B70:CAEB,5B71:E5EE,5B73:E6DC,5B75:B7F5,5B7A:C8E6,5B7D:C4F5,5B80:E5B2,5B81:C4FE,5B83:CBFC,5B84:E5B3,5B85:D5AC,5B87:D3EE,5B88:CAD8,5B89:B0B2,5B8B:CBCE,5B8C:CDEA,5B8F:BAEA,5B93:E5B5,5B95:E5B4,5B97:D7DA,5B98:B9D9,5B99:D6E6,5B9A:B6A8,5B9B:CDF0,5B9C:D2CB,5B9D:B1A6,5B9E:CAB5,5BA0:B3E8,5BA1:C9F3,5BA2:BFCD,5BA3:D0FB,5BA4:CAD2,5BA5:E5B6,5BA6:BBC2,5BAA:CFDC,5BAB:B9AC,5BB0:D4D7,5BB3:BAA6,5BB4:D1E7,5BB5:CFFC,5BB6:BCD2,5BB8:E5B7,5BB9:C8DD,5BBD:BFED,5BBE:B1F6,5BBF:CBDE,5BC2:BCC5,5BC4:BCC4,5BC5:D2FA,5BC6:C3DC,5BC7:BFDC,5BCC:B8BB,5BD0:C3C2,5BD2:BAAE,5BD3:D4A2,5BDD:C7DE,5BDE:C4AF,5BDF:B2EC,5BE1:B9D1,5BE4:E5BB,5BE5:C1C8,5BE8:D5AF,5BEE:E5BC,5BF0:E5BE,5BF8:B4E7,5BF9:B6D4,5BFA:CBC2,5BFB:D1B0,5BFC:B5BC,5BFF:CAD9,5C01:B7E2,5C04:C9E4,5C06:BDAB,5C09:CEBE,5C0A:D7F0,5C0F:D0A1,5C11:C9D9,5C14:B6FB,5C15:E6D8,5C16:BCE2,5C18:B3BE,5C1A:C9D0,5C1C:E6D9,5C1D:B3A2,5C22:DECC,5C24:D3C8,5C25:DECD,5C27:D2A2,5C2C:DECE,5C31:BECD,5C34:DECF,5C38:CAAC,5C39:D2FC,5C3A:B3DF,5C3B:E5EA,5C3C:C4E1,5C3D:BEA1,5C3E:CEB2,5C3F:C4F2,5C40:BED6,5C41:C6A8,5C42:B2E3,5C45:BED3,5C48:C7FC,5C49:CCEB,5C4A:BDEC,5C4B:CEDD,5C4E:CABA,5C4F:C6C1,5C50:E5EC,5C51:D0BC,5C55:D5B9,5C59:E5ED,5C5E:CAF4,5C60:CDC0,5C61:C2C5,5C63:E5EF,5C65:C2C4,5C66:E5F0,5C6E:E5F8,5C6F:CDCD,5C71:C9BD,5C79:D2D9,5C7A:E1A8,5C7F:D3EC,5C81:CBEA,5C82:C6F1,5C88:E1AC,5C8C:E1A7,5C8D:E1A9,5C90:E1AA,5C91:E1AF,5C94:B2ED,5C96:E1AB,5C97:B8DA,5C98:E1AD,5C99:E1AE,5C9A:E1B0,5C9B:B5BA,5C9C:E1B1,5CA2:E1B3,5CA3:E1B8,5CA9:D1D2,5CAB:E1B6,5CAC:E1B5,5CAD:C1EB,5CB1:E1B7,5CB3:D4C0,5CB5:E1B2,5CB7:E1BA,5CB8:B0B6,5CBD:E1B4,5CBF:BFF9,5CC1:E1B9,5CC4:E1BB,5CCB:E1BE,5CD2:E1BC,5CD9:D6C5,5CE1:CFBF,5CE4:E1BD,5CE5:E1BF,5CE6:C2CD,5CE8:B6EB,5CEA:D3F8,5CED:C7CD,5CF0:B7E5,5CFB:BEFE,5D02:E1C0,5D03:E1C1,5D06:E1C7,5D07:B3E7,5D0E:C6E9,5D14:B4DE,5D16:D1C2,5D1B:E1C8,5D1E:E1C6,5D24:E1C5,5D26:E1C3,5D27:E1C2,5D29:B1C0,5D2D:D5B8,5D2E:E1C4,5D34:E1CB,5D3D:E1CC,5D3E:E1CA,5D47:EFFA,5D4A:E1D3,5D4B:E1D2,5D4C:C7B6,5D58:E1C9,5D5B:E1CE,5D5D:E1D0,5D69:E1D4,5D6B:E1D1,5D6C:E1CD,5D6F:E1CF,5D74:E1D5,5D82:E1D6,5D99:E1D7,5D9D:E1D8,5DB7:E1DA,5DC5:E1DB,5DCD:CEA1,5DDB:E7DD,5DDD:B4A8,5DDE:D6DD,5DE1:D1B2,5DE2:B3B2,5DE5:B9A4,5DE6:D7F3,5DE7:C7C9,5DE8:BEDE,5DE9:B9AE,5DEB:CED7,5DEE:B2EE,5DEF:DBCF,5DF1:BCBA,5DF2:D2D1,5DF3:CBC8,5DF4:B0CD,5DF7:CFEF,5DFD:D9E3,5DFE:BDED,5E01:B1D2,5E02:CAD0,5E03:B2BC,5E05:CBA7,5E06:B7AB,5E08:CAA6,5E0C:CFA3,5E0F:E0F8,5E10:D5CA,5E11:E0FB,5E14:E0FA,5E15:C5C1,5E16:CCFB,5E18:C1B1,5E19:E0F9,5E1A:D6E3,5E1B:B2AF,5E1C:D6C4,5E1D:B5DB,5E26:B4F8,5E27:D6A1,5E2D:CFAF,5E2E:B0EF,5E31:E0FC,5E37:E1A1,5E38:B3A3,5E3B:E0FD,5E3C:E0FE,5E3D:C3B1,5E42:C3DD,5E44:E1A2,5E45:B7F9,5E4C:BBCF,5E54:E1A3,5E55:C4BB,5E5B:E1A4,5E5E:E1A5,5E61:E1A6,5E62:B4B1,5E72:B8C9,5E73:C6BD,5E74:C4EA,5E76:B2A2,5E78:D0D2,5E7A:E7DB,5E7B:BBC3,5E7C:D3D7,5E7D:D3C4,5E7F:B9E3,5E80:E2CF,5E84:D7AF,5E86:C7EC,5E87:B1D3,5E8A:B4B2,5E8B:E2D1,5E8F:D0F2,5E90:C2AE,5E91:E2D0,5E93:BFE2,5E94:D3A6,5E95:B5D7,5E96:E2D2,5E97:B5EA,5E99:C3ED,5E9A:B8FD,5E9C:B8AE,5E9E:C5D3,5E9F:B7CF,5EA0:E2D4,5EA5:E2D3,5EA6:B6C8,5EA7:D7F9,5EAD:CDA5,5EB3:E2D8,5EB5:E2D6,5EB6:CAFC,5EB7:BFB5,5EB8:D3B9,5EB9:E2D5,5EBE:E2D7,5EC9:C1AE,5ECA:C0C8,5ED1:E2DB,5ED2:E2DA,5ED3:C0AA,5ED6:C1CE,5EDB:E2DC,5EE8:E2DD,5EEA:E2DE,5EF4:DBC8,5EF6:D1D3,5EF7:CDA2,5EFA:BDA8,5EFE:DEC3,5EFF:D8A5,5F00:BFAA,5F01:DBCD,5F02:D2EC,5F03:C6FA,5F04:C5AA,5F08:DEC4,5F0A:B1D7,5F0B:DFAE,5F0F:CABD,5F11:DFB1,5F13:B9AD,5F15:D2FD,5F17:B8A5,5F18:BAEB,5F1B:B3DA,5F1F:B5DC,5F20:D5C5,5F25:C3D6,5F26:CFD2,5F27:BBA1,5F29:E5F3,5F2A:E5F2,5F2D:E5F4,5F2F:CDE4,5F31:C8F5,5F39:B5AF,5F3A:C7BF,5F3C:E5F6,5F40:ECB0,5F50:E5E6,5F52:B9E9,5F53:B5B1,5F55:C2BC,5F56:E5E8,5F57:E5E7,5F58:E5E9,5F5D:D2CD,5F61:E1EA,5F62:D0CE,5F64:CDAE,5F66:D1E5,5F69:B2CA,5F6A:B1EB,5F6C:B1F2,5F6D:C5ED,5F70:D5C3,5F71:D3B0,5F73:E1DC,5F77:E1DD,5F79:D2DB,5F7B:B3B9,5F7C:B1CB,5F80:CDF9,5F81:D5F7,5F82:E1DE,5F84:BEB6,5F85:B4FD,5F87:E1DF,5F88:BADC,5F89:E1E0,5F8A:BBB2,5F8B:C2C9,5F8C:E1E1,5F90:D0EC,5F92:CDBD,5F95:E1E2,5F97:B5C3,5F98:C5C7,5F99:E1E3,5F9C:E1E4,5FA1:D3F9,5FA8:E1E5,5FAA:D1AD,5FAD:E1E6,5FAE:CEA2,5FB5:E1E7,5FB7:B5C2,5FBC:E1E8,5FBD:BBD5,5FC3:D0C4,5FC4:E2E0,5FC5:B1D8,5FC6:D2E4,5FC9:E2E1,5FCC:BCC9,5FCD:C8CC,5FCF:E2E3,5FD0:ECFE,5FD1:ECFD,5FD2:DFAF,5FD6:E2E2,5FD7:D6BE,5FD8:CDFC,5FD9:C3A6,5FDD:E3C3,5FE0:D6D2,5FE1:E2E7,5FE4:E2E8,5FE7:D3C7,5FEA:E2EC,5FEB:BFEC,5FED:E2ED,5FEE:E2E5,5FF1:B3C0,5FF5:C4EE,5FF8:E2EE,5FFB:D0C3,5FFD:BAF6,5FFE:E2E9,5FFF:B7DE,6000:BBB3,6001:CCAC,6002:CBCB,6003:E2E4,6004:E2E6,6005:E2EA,6006:E2EB,600A:E2F7,600D:E2F4,600E:D4F5,600F:E2F3,6012:C5AD,6014:D5FA,6015:C5C2,6016:B2C0,6019:E2EF,601B:E2F2,601C:C1AF,601D:CBBC,6020:B5A1,6021:E2F9,6025:BCB1,6026:E2F1,6027:D0D4,6028:D4B9,6029:E2F5,602A:B9D6,602B:E2F6,602F:C7D3,6035:E2F0,603B:D7DC,603C:EDA1,603F:E2F8,6041:EDA5,6042:E2FE,6043:CAD1,604B:C1B5,604D:BBD0,6050:BFD6,6052:BAE3,6055:CBA1,6059:EDA6,605A:EDA3,605D:EDA2,6062:BBD6,6063:EDA7,6064:D0F4,6067:EDA4,6068:BADE,6069:B6F7,606A:E3A1,606B:B6B2,606C:CCF1,606D:B9A7,606F:CFA2,6070:C7A1,6073:BFD2,6076:B6F1,6078:E2FA,6079:E2FB,607A:E2FD,607B:E2FC,607C:C4D5,607D:E3A2,607F:D3C1,6083:E3A7,6084:C7C4,6089:CFA4,608C:E3A9,608D:BAB7,6092:E3A8,6094:BBDA,6096:E3A3,609A:E3A4,609B:E3AA,609D:E3A6,609F:CEF2,60A0:D3C6,60A3:BBBC,60A6:D4C3,60A8:C4FA,60AB:EDA8,60AC:D0FC,60AD:E3A5,60AF:C3F5,60B1:E3AD,60B2:B1AF,60B4:E3B2,60B8:BCC2,60BB:E3AC,60BC:B5BF,60C5:C7E9,60C6:E3B0,60CA:BEAA,60CB:CDEF,60D1:BBF3,60D5:CCE8,60D8:E3AF,60DA:E3B1,60DC:CFA7,60DD:E3AE,60DF:CEA9,60E0:BBDD,60E6:B5EB,60E7:BEE5,60E8:B2D2,60E9:B3CD,60EB:B1B9,60EC:E3AB,60ED:B2D1,60EE:B5AC,60EF:B9DF,60F0:B6E8,60F3:CFEB,60F4:E3B7,60F6:BBCC,60F9:C8C7,60FA:D0CA,6100:E3B8,6101:B3EE,6106:EDA9,6108:D3FA,6109:D3E4,610D:EDAA,610E:E3B9,610F:D2E2,6115:E3B5,611A:D3DE,611F:B8D0,6120:E3B3,6123:E3B6,6124:B7DF,6126:E3B4,6127:C0A2,612B:E3BA,613F:D4B8,6148:B4C8,614A:E3BB,614C:BBC5,614E:C9F7,6151:C9E5,6155:C4BD,615D:EDAB,6162:C2FD,6167:BBDB,6168:BFAE,6170:CEBF,6175:E3BC,6177:BFB6,618B:B1EF,618E:D4F7,6194:E3BE,619D:EDAD,61A7:E3BF,61A8:BAA9,61A9:EDAC,61AC:E3BD,61B7:E3C0,61BE:BAB6,61C2:B6AE,61C8:D0B8,61CA:B0C3,61CB:EDAE,61D1:EDAF,61D2:C0C1,61D4:E3C1,61E6:C5B3,61F5:E3C2,61FF:DCB2,6206:EDB0,6208:B8EA,620A:CEEC,620B:EAA7,620C:D0E7,620D:CAF9,620E:C8D6,620F:CFB7,6210:B3C9,6211:CED2,6212:BDE4,6215:E3DE,6216:BBF2,6217:EAA8,6218:D5BD,621A:C6DD,621B:EAA9,621F:EAAA,6221:EAAC,6222:EAAB,6224:EAAE,6225:EAAD,622A:BDD8,622C:EAAF,622E:C2BE,6233:B4C1,6234:B4F7,6237:BBA7,623D:ECE6,623E:ECE5,623F:B7BF,6240:CBF9,6241:B1E2,6243:ECE7,6247:C9C8,6248:ECE8,6249:ECE9,624B:CAD6,624C:DED0,624D:B2C5,624E:D4FA,6251:C6CB,6252:B0C7,6253:B4F2,6254:C8D3,6258:CDD0,625B:BFB8,6263:BFDB,6266:C7A4,6267:D6B4,6269:C0A9,626A:DED1,626B:C9A8,626C:D1EF,626D:C5A4,626E:B0E7,626F:B3B6,6270:C8C5,6273:B0E2,6276:B7F6,6279:C5FA,627C:B6F3,627E:D5D2,627F:B3D0,6280:BCBC,6284:B3AD,6289:BEF1,628A:B0D1,6291:D2D6,6292:CAE3,6293:D7A5,6295:CDB6,6296:B6B6,6297:BFB9,6298:D5DB,629A:B8A7,629B:C5D7,629F:DED2,62A0:BFD9,62A1:C2D5,62A2:C7C0,62A4:BBA4,62A5:B1A8,62A8:C5EA,62AB:C5FB,62AC:CCA7,62B1:B1A7,62B5:B5D6,62B9:C4A8,62BB:DED3,62BC:D1BA,62BD:B3E9,62BF:C3F2,62C2:B7F7,62C4:D6F4,62C5:B5A3,62C6:B2F0,62C7:C4B4,62C8:C4E9,62C9:C0AD,62CA:DED4,62CC:B0E8,62CD:C5C4,62CE:C1E0,62D0:B9D5,62D2:BEDC,62D3:CDD8,62D4:B0CE,62D6:CDCF,62D7:DED6,62D8:BED0,62D9:D7BE,62DA:DED5,62DB:D5D0,62DC:B0DD,62DF:C4E2,62E2:C2A3,62E3:BCF0,62E5:D3B5,62E6:C0B9,62E7:C5A1,62E8:B2A6,62E9:D4F1,62EC:C0A8,62ED:CAC3,62EE:DED7,62EF:D5FC,62F1:B9B0,62F3:C8AD,62F4:CBA9,62F6:DED9,62F7:BFBD,62FC:C6B4,62FD:D7A7,62FE:CAB0,62FF:C4C3,6301:B3D6,6302:B9D2,6307:D6B8,6308:EAFC,6309:B0B4,630E:BFE6,6311:CCF4,6316:CDDA,631A:D6BF,631B:C2CE,631D:CECE,631E:CCA2,631F:D0AE,6320:C4D3,6321:B5B2,6322:DED8,6323:D5F5,6324:BCB7,6325:BBD3,6328:B0A4,632A:C5B2,632B:B4EC,632F:D5F1,6332:EAFD,6339:DEDA,633A:CDA6,633D:CDEC,6342:CEE6,6343:DEDC,6345:CDB1,6346:C0A6,6349:D7BD,634B:DEDB,634C:B0C6,634D:BAB4,634E:C9D3,634F:C4F3,6350:BEE8,6355:B2B6,635E:C0CC,635F:CBF0,6361:BCF1,6362:BBBB,6363:B5B7,6367:C5F5,6369:DEE6,636D:DEE3,636E:BEDD,6371:DEDF,6376:B4B7,6377:BDDD,637A:DEE0,637B:C4ED,6380:CFC6,6382:B5E0,6387:B6DE,6388:CADA,6389:B5F4,638A:DEE5,638C:D5C6,638E:DEE1,638F:CCCD,6390:C6FE,6392:C5C5,6396:D2B4,6398:BEF2,63A0:C2D3,63A2:CCBD,63A3:B3B8,63A5:BDD3,63A7:BFD8,63A8:CDC6,63A9:D1DA,63AA:B4EB,63AC:DEE4,63AD:DEDD,63AE:DEE7,63B0:EAFE,63B3:C2B0,63B4:DEE2,63B7:D6C0,63B8:B5A7,63BA:B2F4,63BC:DEE8,63BE:DEF2,63C4:DEED,63C6:DEF1,63C9:C8E0,63CD:D7E1,63CE:DEEF,63CF:C3E8,63D0:CCE1,63D2:B2E5,63D6:D2BE,63DE:DEEE,63E0:DEEB,63E1:CED5,63E3:B4A7,63E9:BFAB,63EA:BEBE,63ED:BDD2,63F2:DEE9,63F4:D4AE,63F6:DEDE,63F8:DEEA,63FD:C0BF,63FF:DEEC,6400:B2F3,6401:B8E9,6402:C2A7,6405:BDC1,640B:DEF5,640C:DEF8,640F:B2AB,6410:B4A4,6413:B4EA,6414:C9A6,641B:DEF6,641C:CBD1,641E:B8E3,6420:DEF7,6421:DEFA,6426:DEF9,642A:CCC2,642C:B0E1,642D:B4EE,6434:E5BA,643A:D0AF,643D:B2EB,643F:EBA1,6441:DEF4,6444:C9E3,6445:DEF3,6446:B0DA,6447:D2A1,6448:B1F7,644A:CCAF,6452:DEF0,6454:CBA4,6458:D5AA,645E:DEFB,6467:B4DD,6469:C4A6,646D:DEFD,6478:C3FE,6479:C4A1,647A:DFA1,6482:C1CC,6484:DEFC,6485:BEEF,6487:C6B2,6491:B3C5,6492:C8F6,6495:CBBA,6496:DEFE,6499:DFA4,649E:D7B2,64A4:B3B7,64A9:C1C3,64AC:C7CB,64AD:B2A5,64AE:B4E9,64B0:D7AB,64B5:C4EC,64B7:DFA2,64B8:DFA3,64BA:DFA5,64BC:BAB3,64C0:DFA6,64C2:C0DE,64C5:C9C3,64CD:B2D9,64CE:C7E6,64D0:DFA7,64D2:C7DC,64D7:DFA8,64D8:EBA2,64DE:CBD3,64E2:DFAA,64E4:DFA9,64E6:B2C1,6500:C5CA,6509:DFAB,6512:D4DC,6518:C8C1,6525:DFAC,652B:BEF0,652E:DFAD,652F:D6A7,6534:EAB7,6535:EBB6,6536:CAD5,6538:D8FC,6539:B8C4,653B:B9A5,653E:B7C5,653F:D5FE,6545:B9CA,6548:D0A7,6549:F4CD,654C:B5D0,654F:C3F4,6551:BEC8,6555:EBB7,6556:B0BD,6559:BDCC,655B:C1B2,655D:B1D6,655E:B3A8,6562:B8D2,6563:C9A2,6566:B6D8,656B:EBB8,656C:BEB4,6570:CAFD,6572:C7C3,6574:D5FB,6577:B7F3,6587:CEC4,658B:D5AB,658C:B1F3,6590:ECB3,6591:B0DF,6593:ECB5,6597:B6B7,6599:C1CF,659B:F5FA,659C:D0B1,659F:D5E5,65A1:CED3,65A4:BDEF,65A5:B3E2,65A7:B8AB,65A9:D5B6,65AB:EDBD,65AD:B6CF,65AF:CBB9,65B0:D0C2,65B9:B7BD,65BC:ECB6,65BD:CAA9,65C1:C5D4,65C3:ECB9,65C4:ECB8,65C5:C2C3,65C6:ECB7,65CB:D0FD,65CC:ECBA,65CE:ECBB,65CF:D7E5,65D2:ECBC,65D6:ECBD,65D7:C6EC,65E0:CEDE,65E2:BCC8,65E5:C8D5,65E6:B5A9,65E7:BEC9,65E8:D6BC,65E9:D4E7,65EC:D1AE,65ED:D0F1,65EE:EAB8,65EF:EAB9,65F0:EABA,65F1:BAB5,65F6:CAB1,65F7:BFF5,65FA:CDFA,6600:EAC0,6602:B0BA,6603:EABE,6606:C0A5,660A:EABB,660C:B2FD,660E:C3F7,660F:BBE8,6613:D2D7,6614:CEF4,6615:EABF,6619:EABC,661D:EAC3,661F:D0C7,6620:D3B3,6625:B4BA,6627:C3C1,6628:D7F2,662D:D5D1,662F:CAC7,6631:EAC5,6634:EAC4,6635:EAC7,6636:EAC6,663C:D6E7,663E:CFD4,6641:EACB,6643:BBCE,664B:BDFA,664C:C9CE,664F:EACC,6652:C9B9,6653:CFFE,6654:EACA,6655:D4CE,6656:EACD,6657:EACF,665A:CDED,665F:EAC9,6661:EACE,6664:CEEE,6666:BBDE,6668:B3BF,666E:C6D5,666F:BEB0,6670:CEFA,6674:C7E7,6676:BEA7,6677:EAD0,667A:D6C7,667E:C1C0,6682:D4DD,6684:EAD1,6687:CFBE,668C:EAD2,6691:CAEE,6696:C5AF,6697:B0B5,669D:EAD4,66A7:EAD3,66A8:F4DF,66AE:C4BA,66B4:B1A9,66B9:E5DF,66BE:EAD5,66D9:CAEF,66DB:EAD6,66DC:EAD7,66DD:C6D8,66E6:EAD8,66E9:EAD9,66F0:D4BB,66F2:C7FA,66F3:D2B7,66F4:B8FC,66F7:EAC2,66F9:B2DC,66FC:C2FC,66FE:D4F8,66FF:CCE6,6700:D7EE,6708:D4C2,6709:D3D0,670A:EBC3,670B:C5F3,670D:B7FE,6710:EBD4,6714:CBB7,6715:EBDE,6717:C0CA,671B:CDFB,671D:B3AF,671F:C6DA,6726:EBFC,6728:C4BE,672A:CEB4,672B:C4A9,672C:B1BE,672D:D4FD,672F:CAF5,6731:D6EC,6734:C6D3,6735:B6E4,673A:BBFA,673D:D0E0,6740:C9B1,6742:D4D3,6743:C8A8,6746:B8CB,6748:E8BE,6749:C9BC,674C:E8BB,674E:C0EE,674F:D0D3,6750:B2C4,6751:B4E5,6753:E8BC,6756:D5C8,675C:B6C5,675E:E8BD,675F:CAF8,6760:B8DC,6761:CCF5,6765:C0B4,6768:D1EE,6769:E8BF,676A:E8C2,676D:BABC,676F:B1AD,6770:BDDC,6772:EABD,6773:E8C3,6775:E8C6,6777:E8CB,677C:E8CC,677E:CBC9,677F:B0E5,6781:BCAB,6784:B9B9,6787:E8C1,6789:CDF7,678B:E8CA,6790:CEF6,6795:D5ED,6797:C1D6,6798:E8C4,679A:C3B6,679C:B9FB,679D:D6A6,679E:E8C8,67A2:CAE0,67A3:D4E6,67A5:E8C0,67A7:E8C5,67A8:E8C7,67AA:C7B9,67AB:B7E3,67AD:E8C9,67AF:BFDD,67B0:E8D2,67B3:E8D7,67B5:E8D5,67B6:BCDC,67B7:BCCF,67B8:E8DB,67C1:E8DE,67C3:E8DA,67C4:B1FA,67CF:B0D8,67D0:C4B3,67D1:B8CC,67D2:C6E2,67D3:C8BE,67D4:C8E1,67D8:E8CF,67D9:E8D4,67DA:E8D6,67DC:B9F1,67DD:E8D8,67DE:D7F5,67E0:C4FB,67E2:E8DC,67E5:B2E9,67E9:E8D1,67EC:BCED,67EF:BFC2,67F0:E8CD,67F1:D6F9,67F3:C1F8,67F4:B2F1,67FD:E8DF,67FF:CAC1,6800:E8D9,6805:D5A4,6807:B1EA,6808:D5BB,6809:E8CE,680A:E8D0,680B:B6B0,680C:E8D3,680E:E8DD,680F:C0B8,6811:CAF7,6813:CBA8,6816:C6DC,6817:C0F5,681D:E8E9,6821:D0A3,6829:E8F2,682A:D6EA,6832:E8E0,6833:E8E1,6837:D1F9,6838:BACB,6839:B8F9,683C:B8F1,683D:D4D4,683E:E8EF,6840:E8EE,6841:E8EC,6842:B9F0,6843:CCD2,6844:E8E6,6845:CEA6,6846:BFF2,6848:B0B8,6849:E8F1,684A:E8F0,684C:D7C0,684E:E8E4,6850:CDA9,6851:C9A3,6853:BBB8,6854:BDDB,6855:E8EA,6860:E8E2,6861:E8E3,6862:E8E5,6863:B5B5,6864:E8E7,6865:C7C5,6866:E8EB,6867:E8ED,6868:BDB0,6869:D7AE,686B:E8F8,6874:E8F5,6876:CDB0,6877:E8F6,6881:C1BA,6883:E8E8,6885:C3B7,6886:B0F0,688F:E8F4,6893:E8F7,6897:B9A3,68A2:C9D2,68A6:C3CE,68A7:CEE0,68A8:C0E6,68AD:CBF3,68AF:CCDD,68B0:D0B5,68B3:CAE1,68B5:E8F3,68C0:BCEC,68C2:E8F9,68C9:C3DE,68CB:C6E5,68CD:B9F7,68D2:B0F4,68D5:D7D8,68D8:BCAC,68DA:C5EF,68E0:CCC4,68E3:E9A6,68EE:C9AD,68F0:E9A2,68F1:C0E2,68F5:BFC3,68F9:E8FE,68FA:B9D7,68FC:E8FB,6901:E9A4,6905:D2CE,690B:E9A3,690D:D6B2,690E:D7B5,6910:E9A7,6912:BDB7,691F:E8FC,6920:E8FD,6924:E9A1,692D:CDD6,6930:D2AC,6934:E9B2,6939:E9A9,693D:B4AA,693F:B4BB,6942:E9AB,6954:D0A8,6957:E9A5,695A:B3FE,695D:E9AC,695E:C0E3,6960:E9AA,6963:E9B9,6966:E9B8,696B:E9AE,696E:E8FA,6971:E9A8,6977:BFAC,6978:E9B1,6979:E9BA,697C:C2A5,6980:E9AF,6982:B8C5,6984:E9AD,6986:D3DC,6987:E9B4,6988:E9B5,6989:E9B7,698D:E9C7,6994:C0C6,6995:E9C5,6998:E9B0,699B:E9BB,699C:B0F1,69A7:E9BC,69A8:D5A5,69AB:E9BE,69AD:E9BF,69B1:E9C1,69B4:C1F1,69B7:C8B6,69BB:E9BD,69C1:E9C2,69CA:E9C3,69CC:E9B3,69CE:E9B6,69D0:BBB1,69D4:E9C0,69DB:BCF7,69DF:E9C4,69E0:E9C6,69ED:E9CA,69F2:E9CE,69FD:B2DB,69FF:E9C8,6A0A:B7AE,6A17:E9CB,6A18:E9CC,6A1F:D5C1,6A21:C4A3,6A28:E9D8,6A2A:BAE1,6A2F:E9C9,6A31:D3A3,6A35:E9D4,6A3D:E9D7,6A3E:E9D0,6A44:E9CF,6A47:C7C1,6A50:E9D2,6A58:E9D9,6A59:B3C8,6A5B:E9D3,6A61:CFF0,6A65:E9CD,6A71:B3F7,6A79:E9D6,6A7C:E9DA,6A80:CCB4,6A84:CFAD,6A8E:E9D5,6A90:E9DC,6A91:E9DB,6A97:E9DE,6AA0:E9D1,6AA9:E9DD,6AAB:E9DF,6AAC:C3CA,6B20:C7B7,6B21:B4CE,6B22:BBB6,6B23:D0C0,6B24:ECA3,6B27:C5B7,6B32:D3FB,6B37:ECA4,6B39:ECA5,6B3A:C6DB,6B3E:BFEE,6B43:ECA6,6B46:ECA7,6B47:D0AA,6B49:C7B8,6B4C:B8E8,6B59:ECA8,6B62:D6B9,6B63:D5FD,6B64:B4CB,6B65:B2BD,6B66:CEE4,6B67:C6E7,6B6A:CDE1,6B79:B4F5,6B7B:CBC0,6B7C:BCDF,6B81:E9E2,6B82:E9E3,6B83:D1EA,6B84:E9E5,6B86:B4F9,6B87:E9E4,6B89:D1B3,6B8A:CAE2,6B8B:B2D0,6B8D:E9E8,6B92:E9E6,6B93:E9E7,6B96:D6B3,6B9A:E9E9,6B9B:E9EA,6BA1:E9EB,6BAA:E9EC,6BB3:ECAF,6BB4:C5B9,6BB5:B6CE,6BB7:D2F3,6BBF:B5EE,6BC1:BBD9,6BC2:ECB1,6BC5:D2E3,6BCB:CEE3,6BCD:C4B8,6BCF:C3BF,6BD2:B6BE,6BD3:D8B9,6BD4:B1C8,6BD5:B1CF,6BD6:B1D1,6BD7:C5FE,6BD9:B1D0,6BDB:C3AB,6BE1:D5B1,6BEA:EBA4,6BEB:BAC1,6BEF:CCBA,6BF3:EBA5,6BF5:EBA7,6BF9:EBA8,6BFD:EBA6,6C05:EBA9,6C06:EBAB,6C07:EBAA,6C0D:EBAC,6C0F:CACF,6C10:D8B5,6C11:C3F1,6C13:C3A5,6C14:C6F8,6C15:EBAD,6C16:C4CA,6C18:EBAE,6C19:EBAF,6C1A:EBB0,6C1B:B7D5,6C1F:B7FA,6C21:EBB1,6C22:C7E2,6C24:EBB3,6C26:BAA4,6C27:D1F5,6C28:B0B1,6C29:EBB2,6C2A:EBB4,6C2E:B5AA,6C2F:C2C8,6C30:C7E8,6C32:EBB5,6C34:CBAE,6C35:E3DF,6C38:D3C0,6C3D:D9DB,6C40:CDA1,6C41:D6AD,6C42:C7F3,6C46:D9E0,6C47:BBE3,6C49:BABA,6C4A:E3E2,6C50:CFAB,6C54:E3E0,6C55:C9C7,6C57:BAB9,6C5B:D1B4,6C5C:E3E1,6C5D:C8EA,6C5E:B9AF,6C5F:BDAD,6C60:B3D8,6C61:CEDB,6C64:CCC0,6C68:E3E8,6C69:E3E9,6C6A:CDF4,6C70:CCAD,6C72:BCB3,6C74:E3EA,6C76:E3EB,6C79:D0DA,6C7D:C6FB,6C7E:B7DA,6C81:C7DF,6C82:D2CA,6C83:CED6,6C85:E3E4,6C86:E3EC,6C88:C9F2,6C89:B3C1,6C8C:E3E7,6C8F:C6E3,6C90:E3E5,6C93:EDB3,6C94:E3E6,6C99:C9B3,6C9B:C5E6,6C9F:B9B5,6CA1:C3BB,6CA3:E3E3,6CA4:C5BD,6CA5:C1A4,6CA6:C2D9,6CA7:B2D7,6CA9:E3ED,6CAA:BBA6,6CAB:C4AD,6CAD:E3F0,6CAE:BEDA,6CB1:E3FB,6CB2:E3F5,6CB3:BAD3,6CB8:B7D0,6CB9:D3CD,6CBB:D6CE,6CBC:D5D3,6CBD:B9C1,6CBE:D5B4,6CBF:D1D8,6CC4:D0B9,6CC5:C7F6,6CC9:C8AA,6CCA:B2B4,6CCC:C3DA,6CD0:E3EE,6CD3:E3FC,6CD4:E3EF,6CD5:B7A8,6CD6:E3F7,6CD7:E3F4,6CDB:B7BA,6CDE:C5A2,6CE0:E3F6,6CE1:C5DD,6CE2:B2A8,6CE3:C6FC,6CE5:C4E0,6CE8:D7A2,6CEA:C0E1,6CEB:E3F9,6CEE:E3FA,6CEF:E3FD,6CF0:CCA9,6CF1:E3F3,6CF3:D3BE,6CF5:B1C3,6CF6:EDB4,6CF7:E3F1,6CF8:E3F2,6CFA:E3F8,6CFB:D0BA,6CFC:C6C3,6CFD:D4F3,6CFE:E3FE,6D01:BDE0,6D04:E4A7,6D07:E4A6,6D0B:D1F3,6D0C:E4A3,6D0E:E4A9,6D12:C8F7,6D17:CFB4,6D19:E4A8,6D1A:E4AE,6D1B:C2E5,6D1E:B6B4,6D25:BDF2,6D27:E4A2,6D2A:BAE9,6D2B:E4AA,6D2E:E4AC,6D31:B6FD,6D32:D6DE,6D33:E4B2,6D35:E4AD,6D39:E4A1,6D3B:BBEE,6D3C:CDDD,6D3D:C7A2,6D3E:C5C9,6D41:C1F7,6D43:E4A4,6D45:C7B3,6D46:BDAC,6D47:BDBD,6D48:E4A5,6D4A:D7C7,6D4B:B2E2,6D4D:E4AB,6D4E:BCC3,6D4F:E4AF,6D51:BBEB,6D52:E4B0,6D53:C5A8,6D54:E4B1,6D59:D5E3,6D5A:BFA3,6D5C:E4BA,6D5E:E4B7,6D60:E4BB,6D63:E4BD,6D66:C6D6,6D69:BAC6,6D6A:C0CB,6D6E:B8A1,6D6F:E4B4,6D74:D4A1,6D77:BAA3,6D78:BDFE,6D7C:E4BC,6D82:CDBF,6D85:C4F9,6D88:CFFB,6D89:C9E6,6D8C:D3BF,6D8E:CFD1,6D91:E4B3,6D93:E4B8,6D94:E4B9,6D95:CCE9,6D9B:CCCE,6D9D:C0D4,6D9E:E4B5,6D9F:C1B0,6DA0:E4B6,6DA1:CED0,6DA3:BBC1,6DA4:B5D3,6DA6:C8F3,6DA7:BDA7,6DA8:D5C7,6DA9:C9AC,6DAA:B8A2,6DAB:E4CA,6DAE:E4CC,6DAF:D1C4,6DB2:D2BA,6DB5:BAAD,6DB8:BAD4,6DBF:E4C3,6DC0:B5ED,6DC4:D7CD,6DC5:E4C0,6DC6:CFFD,6DC7:E4BF,6DCB:C1DC,6DCC:CCCA,6DD1:CAE7,6DD6:C4D7,6DD8:CCD4,6DD9:E4C8,6DDD:E4C7,6DDE:E4C1,6DE0:E4C4,6DE1:B5AD,6DE4:D3D9,6DE6:E4C6,6DEB:D2F9,6DEC:B4E3,6DEE:BBB4,6DF1:C9EE,6DF3:B4BE,6DF7:BBEC,6DF9:D1CD,6DFB:CCED,6DFC:EDB5,6E05:C7E5,6E0A:D4A8,6E0C:E4CB,6E0D:D7D5,6E0E:E4C2,6E10:BDA5,6E11:E4C5,6E14:D3E6,6E16:E4C9,6E17:C9F8,6E1A:E4BE,6E1D:D3E5,6E20:C7FE,6E21:B6C9,6E23:D4FC,6E24:B2B3,6E25:E4D7,6E29:CEC2,6E2B:E4CD,6E2D:CEBC,6E2F:B8DB,6E32:E4D6,6E34:BFCA,6E38:D3CE,6E3A:C3EC,6E43:C5C8,6E44:E4D8,6E4D:CDC4,6E4E:E4CF,6E53:E4D4,6E54:E4D5,6E56:BAFE,6E58:CFE6,6E5B:D5BF,6E5F:E4D2,6E6B:E4D0,6E6E:E4CE,6E7E:CDE5,6E7F:CAAA,6E83:C0A3,6E85:BDA6,6E86:E4D3,6E89:B8C8,6E8F:E4E7,6E90:D4B4,6E98:E4DB,6E9C:C1EF,6E9F:E4E9,6EA2:D2E7,6EA5:E4DF,6EA7:E4E0,6EAA:CFAA,6EAF:CBDD,6EB1:E4DA,6EB2:E4D1,6EB4:E4E5,6EB6:C8DC,6EB7:E4E3,6EBA:C4E7,6EBB:E4E2,6EBD:E4E1,6EC1:B3FC,6EC2:E4E8,6EC7:B5E1,6ECB:D7CC,6ECF:E4E6,6ED1:BBAC,6ED3:D7D2,6ED4:CCCF,6ED5:EBF8,6ED7:E4E4,6EDA:B9F6,6EDE:D6CD,6EDF:E4D9,6EE0:E4DC,6EE1:C2FA,6EE2:E4DE,6EE4:C2CB,6EE5:C0C4,6EE6:C2D0,6EE8:B1F5,6EE9:CCB2,6EF4:B5CE,6EF9:E4EF,6F02:C6AF,6F06:C6E1,6F09:E4F5,6F0F:C2A9,6F13:C0EC,6F14:D1DD,6F15:E4EE,6F20:C4AE,6F24:E4ED,6F29:E4F6,6F2A:E4F4,6F2B:C2FE,6F2D:E4DD,6F2F:E4F0,6F31:CAFE,6F33:D5C4,6F36:E4F1,6F3E:D1FA,6F46:E4EB,6F47:E4EC,6F4B:E4F2,6F4D:CEAB,6F58:C5CB,6F5C:C7B1,6F5E:C2BA,6F62:E4EA,6F66:C1CA,6F6D:CCB6,6F6E:B3B1,6F72:E4FB,6F74:E4F3,6F78:E4FA,6F7A:E4FD,6F7C:E4FC,6F84:B3CE,6F88:B3BA,6F89:E4F7,6F8C:E4F9,6F8D:E4F8,6F8E:C5EC,6F9C:C0BD,6FA1:D4E8,6FA7:E5A2,6FB3:B0C4,6FB6:E5A4,6FB9:E5A3,6FC0:BCA4,6FC2:E5A5,6FC9:E5A1,6FD1:E4FE,6FD2:B1F4,6FDE:E5A8,6FE0:E5A9,6FE1:E5A6,6FEE:E5A7,6FEF:E5AA,7011:C6D9,701A:E5AB,701B:E5AD,7023:E5AC,7035:E5AF,7039:E5AE,704C:B9E0,704F:E5B0,705E:E5B1,706B:BBF0,706C:ECE1,706D:C3F0,706F:B5C6,7070:BBD2,7075:C1E9,7076:D4EE,7078:BEC4,707C:D7C6,707E:D4D6,707F:B2D3,7080:ECBE,7085:EAC1,7089:C2AF,708A:B4B6,708E:D1D7,7092:B3B4,7094:C8B2,7095:BFBB,7096:ECC0,7099:D6CB,709C:ECBF,709D:ECC1,70AB:ECC5,70AC:BEE6,70AD:CCBF,70AE:C5DA,70AF:BEBC,70B1:ECC6,70B3:B1FE,70B7:ECC4,70B8:D5A8,70B9:B5E3,70BB:ECC2,70BC:C1B6,70BD:B3E3,70C0:ECC3,70C1:CBB8,70C2:C0C3,70C3:CCFE,70C8:C1D2,70CA:ECC8,70D8:BAE6,70D9:C0D3,70DB:D6F2,70DF:D1CC,70E4:BFBE,70E6:B7B3,70E7:C9D5,70E8:ECC7,70E9:BBE2,70EB:CCCC,70EC:BDFD,70ED:C8C8,70EF:CFA9,70F7:CDE9,70F9:C5EB,70FD:B7E9,7109:D1C9,710A:BAB8,7110:ECC9,7113:ECCA,7115:BBC0,7116:ECCB,7118:ECE2,7119:B1BA,711A:B7D9,7126:BDB9,712F:ECCC,7130:D1E6,7131:ECCD,7136:C8BB,7145:ECD1,714A:ECD3,714C:BBCD,714E:BCE5,715C:ECCF,715E:C9B7,7164:C3BA,7166:ECE3,7167:D5D5,7168:ECD0,716E:D6F3,7172:ECD2,7173:ECCE,7178:ECD4,717A:ECD5,717D:C9BF,7184:CFA8,718A:D0DC,718F:D1AC,7194:C8DB,7198:ECD6,7199:CEF5,719F:CAEC,71A0:ECDA,71A8:ECD9,71AC:B0BE,71B3:ECD7,71B5:ECD8,71B9:ECE4,71C3:C8BC,71CE:C1C7,71D4:ECDC,71D5:D1E0,71E0:ECDB,71E5:D4EF,71E7:ECDD,71EE:DBC6,71F9:ECDE,7206:B1AC,721D:ECDF,7228:ECE0,722A:D7A6,722C:C5C0,7230:EBBC,7231:B0AE,7235:BEF4,7236:B8B8,7237:D2AF,7238:B0D6,7239:B5F9,723B:D8B3,723D:CBAC,723F:E3DD,7247:C6AC,7248:B0E6,724C:C5C6,724D:EBB9,7252:EBBA,7256:EBBB,7259:D1C0,725B:C5A3,725D:EAF2,725F:C4B2,7261:C4B5,7262:C0CE,7266:EAF3,7267:C4C1,7269:CEEF,726E:EAF0,726F:EAF4,7272:C9FC,7275:C7A3,7279:CCD8,727A:CEFE,727E:EAF5,727F:EAF6,7280:CFAC,7281:C0E7,7284:EAF7,728A:B6BF,728B:EAF8,728D:EAF9,728F:EAFA,7292:EAFB,729F:EAF1,72AC:C8AE,72AD:E1EB,72AF:B7B8,72B0:E1EC,72B4:E1ED,72B6:D7B4,72B7:E1EE,72B8:E1EF,72B9:D3CC,72C1:E1F1,72C2:BFF1,72C3:E1F0,72C4:B5D2,72C8:B1B7,72CD:E1F3,72CE:E1F2,72D0:BAFC,72D2:E1F4,72D7:B9B7,72D9:BED1,72DE:C4FC,72E0:BADD,72E1:BDC6,72E8:E1F5,72E9:E1F7,72EC:B6C0,72ED:CFC1,72EE:CAA8,72EF:E1F6,72F0:D5F8,72F1:D3FC,72F2:E1F8,72F3:E1FC,72F4:E1F9,72F7:E1FA,72F8:C0EA,72FA:E1FE,72FB:E2A1,72FC:C0C7,7301:E1FB,7303:E1FD,730A:E2A5,730E:C1D4,7313:E2A3,7315:E2A8,7316:B2FE,7317:E2A2,731B:C3CD,731C:B2C2,731D:E2A7,731E:E2A6,7321:E2A4,7322:E2A9,7325:E2AB,7329:D0C9,732A:D6ED,732B:C3A8,732C:E2AC,732E:CFD7,7331:E2AE,7334:BAEF,7337:E9E0,7338:E2AD,7339:E2AA,733E:BBAB,733F:D4B3,734D:E2B0,7350:E2AF,7352:E9E1,7357:E2B1,7360:E2B2,736C:E2B3,736D:CCA1,736F:E2B4,737E:E2B5,7384:D0FE,7387:C2CA,7389:D3F1,738B:CDF5,738E:E7E0,7391:E7E1,7396:BEC1,739B:C2EA,739F:E7E4,73A2:E7E3,73A9:CDE6,73AB:C3B5,73AE:E7E2,73AF:BBB7,73B0:CFD6,73B2:C1E1,73B3:E7E9,73B7:E7E8,73BA:E7F4,73BB:B2A3,73C0:E7EA,73C2:E7E6,73C8:E7EC,73C9:E7EB,73CA:C9BA,73CD:D5E4,73CF:E7E5,73D0:B7A9,73D1:E7E7,73D9:E7EE,73DE:E7F3,73E0:D6E9,73E5:E7ED,73E7:E7F2,73E9:E7F1,73ED:B0E0,73F2:E7F5,7403:C7F2,7405:C0C5,7406:C0ED,7409:C1F0,740A:E7F0,740F:E7F6,7410:CBF6,741A:E8A2,741B:E8A1,7422:D7C1,7425:E7FA,7426:E7F9,7428:E7FB,742A:E7F7,742C:E7FE,742E:E7FD,7430:E7FC,7433:C1D5,7434:C7D9,7435:C5FD,7436:C5C3,743C:C7ED,7441:E8A3,7455:E8A6,7457:E8A5,7459:E8A7,745A:BAF7,745B:E7F8,745C:E8A4,745E:C8F0,745F:C9AA,746D:E8A9,7470:B9E5,7476:D1FE,7477:E8A8,747E:E8AA,7480:E8AD,7481:E8AE,7483:C1A7,7487:E8AF,748B:E8B0,748E:E8AC,7490:E8B4,749C:E8AB,749E:E8B1,74A7:E8B5,74A8:E8B2,74A9:E8B3,74BA:E8B7,74D2:E8B6,74DC:B9CF,74DE:F0AC,74E0:F0AD,74E2:C6B0,74E3:B0EA,74E4:C8BF,74E6:CDDF,74EE:CECD,74EF:EAB1,74F4:EAB2,74F6:C6BF,74F7:B4C9,74FF:EAB3,7504:D5E7,750D:DDF9,750F:EAB4,7511:EAB5,7513:EAB6,7518:B8CA,7519:DFB0,751A:C9F5,751C:CCF0,751F:C9FA,7525:C9FB,7528:D3C3,7529:CBA6,752B:B8A6,752C:F0AE,752D:B1C2,752F:E5B8,7530:CCEF,7531:D3C9,7532:BCD7,7533:C9EA,7535:B5E7,7537:C4D0,7538:B5E9,753A:EEAE,753B:BBAD,753E:E7DE,7540:EEAF,7545:B3A9,7548:EEB2,754B:EEB1,754C:BDE7,754E:EEB0,754F:CEB7,7554:C5CF,7559:C1F4,755A:DBCE,755B:EEB3,755C:D0F3,7565:C2D4,7566:C6E8,756A:B7AC,7572:EEB4,7574:B3EB,7578:BBFB,7579:EEB5,757F:E7DC,7583:EEB6,7586:BDAE,758B:F1E2,758F:CAE8,7591:D2C9,7592:F0DA,7594:F0DB,7596:F0DC,7597:C1C6,7599:B8ED,759A:BECE,759D:F0DE,759F:C5B1,75A0:F0DD,75A1:D1F1,75A3:F0E0,75A4:B0CC,75A5:BDEA,75AB:D2DF,75AC:F0DF,75AE:B4AF,75AF:B7E8,75B0:F0E6,75B1:F0E5,75B2:C6A3,75B3:F0E1,75B4:F0E2,75B5:B4C3,75B8:F0E3,75B9:D5EE,75BC:CCDB,75BD:BED2,75BE:BCB2,75C2:F0E8,75C3:F0E7,75C4:F0E4,75C5:B2A1,75C7:D6A2,75C8:D3B8,75C9:BEB7,75CA:C8AC,75CD:F0EA,75D2:D1F7,75D4:D6CC,75D5:BADB,75D6:F0E9,75D8:B6BB,75DB:CDB4,75DE:C6A6,75E2:C1A1,75E3:F0EB,75E4:F0EE,75E6:F0ED,75E7:F0F0,75E8:F0EC,75EA:BBBE,75EB:F0EF,75F0:CCB5,75F1:F0F2,75F4:B3D5,75F9:B1D4,75FC:F0F3,75FF:F0F4,7600:F0F6,7601:B4E1,7603:F0F1,7605:F0F7,760A:F0FA,760C:F0F8,7610:F0F5,7615:F0FD,7617:F0F9,7618:F0FC,7619:F0FE,761B:F1A1,761F:CEC1,7620:F1A4,7622:F1A3,7624:C1F6,7625:F0FB,7626:CADD,7629:B4F1,762A:B1F1,762B:CCB1,762D:F1A6,7630:F1A7,7633:F1AC,7634:D5CE,7635:F1A9,7638:C8B3,763C:F1A2,763E:F1AB,763F:F1A8,7640:F1A5,7643:F1AA,764C:B0A9,764D:F1AD,7654:F1AF,7656:F1B1,765C:F1B0,765E:F1AE,7663:D1A2,766B:F1B2,766F:F1B3,7678:B9EF,767B:B5C7,767D:B0D7,767E:B0D9,7682:D4ED,7684:B5C4,7686:BDD4,7687:BBCA,7688:F0A7,768B:B8DE,768E:F0A8,7691:B0A8,7693:F0A9,7696:CDEE,7699:F0AA,76A4:F0AB,76AE:C6A4,76B1:D6E5,76B2:F1E4,76B4:F1E5,76BF:C3F3,76C2:D3DB,76C5:D6D1,76C6:C5E8,76C8:D3AF,76CA:D2E6,76CD:EEC1,76CE:B0BB,76CF:D5B5,76D0:D1CE,76D1:BCE0,76D2:BAD0,76D4:BFF8,76D6:B8C7,76D7:B5C1,76D8:C5CC,76DB:CAA2,76DF:C3CB,76E5:EEC2,76EE:C4BF,76EF:B6A2,76F1:EDEC,76F2:C3A4,76F4:D6B1,76F8:CFE0,76F9:EDEF,76FC:C5CE,76FE:B6DC,7701:CAA1,7704:EDED,7707:EDF0,7708:EDF1,7709:C3BC,770B:BFB4,770D:EDEE,7719:EDF4,771A:EDF2,771F:D5E6,7720:C3DF,7722:EDF3,7726:EDF6,7728:D5A3,7729:D1A3,772D:EDF5,772F:C3D0,7735:EDF7,7736:BFF4,7737:BEEC,7738:EDF8,773A:CCF7,773C:D1DB,7740:D7C5,7741:D5F6,7743:EDFC,7747:EDFB,7750:EDF9,7751:EDFA,775A:EDFD,775B:BEA6,7761:CBAF,7762:EEA1,7763:B6BD,7765:EEA2,7766:C4C0,7768:EDFE,776B:BDDE,776C:B2C7,7779:B6C3,777D:EEA5,777E:D8BA,777F:EEA3,7780:EEA6,7784:C3E9,7785:B3F2,778C:EEA7,778D:EEA4,778E:CFB9,7791:EEA8,7792:C2F7,779F:EEA9,77A0:EEAA,77A2:DEAB,77A5:C6B3,77A7:C7C6,77A9:D6F5,77AA:B5C9,77AC:CBB2,77B0:EEAB,77B3:CDAB,77B5:EEAC,77BB:D5B0,77BD:EEAD,77BF:F6C4,77CD:DBC7,77D7:B4A3,77DB:C3AC,77DC:F1E6,77E2:CAB8,77E3:D2D3,77E5:D6AA,77E7:EFF2,77E9:BED8,77EB:BDC3,77EC:EFF3,77ED:B6CC,77EE:B0AB,77F3:CAAF,77F6:EDB6,77F8:EDB7,77FD:CEF9,77FE:B7AF,77FF:BFF3,7800:EDB8,7801:C2EB,7802:C9B0,7809:EDB9,780C:C6F6,780D:BFB3,7811:EDBC,7812:C5F8,7814:D1D0,7816:D7A9,7817:EDBA,7818:EDBB,781A:D1E2,781C:EDBF,781D:EDC0,781F:EDC4,7823:EDC8,7825:EDC6,7826:EDCE,7827:D5E8,7829:EDC9,782C:EDC7,782D:EDBE,7830:C5E9,7834:C6C6,7837:C9E9,7838:D4D2,7839:EDC1,783A:EDC2,783B:EDC3,783C:EDC5,783E:C0F9,7840:B4A1,7845:B9E8,7847:EDD0,784C:EDD1,784E:EDCA,7850:EDCF,7852:CEF8,7855:CBB6,7856:EDCC,7857:EDCD,785D:CFF5,786A:EDD2,786B:C1F2,786C:D3B2,786D:EDCB,786E:C8B7,7877:BCEF,787C:C5F0,7887:EDD6,7889:B5EF,788C:C2B5,788D:B0AD,788E:CBE9,7891:B1AE,7893:EDD4,7897:CDEB,7898:B5E2,789A:EDD5,789B:EDD3,789C:EDD7,789F:B5FA,78A1:EDD8,78A3:EDD9,78A5:EDDC,78A7:B1CC,78B0:C5F6,78B1:BCEE,78B2:EDDA,78B3:CCBC,78B4:B2EA,78B9:EDDB,78BE:C4EB,78C1:B4C5,78C5:B0F5,78C9:EDDF,78CA:C0DA,78CB:B4E8,78D0:C5CD,78D4:EDDD,78D5:BFC4,78D9:EDDE,78E8:C4A5,78EC:EDE0,78F2:EDE1,78F4:EDE3,78F7:C1D7,78FA:BBC7,7901:BDB8,7905:EDE2,7913:EDE4,791E:EDE6,7924:EDE5,7934:EDE7,793A:CABE,793B:ECEA,793C:C0F1,793E:C9E7,7940:ECEB,7941:C6EE,7946:ECEC,7948:C6ED,7949:ECED,7953:ECF0,7956:D7E6,7957:ECF3,795A:ECF1,795B:ECEE,795C:ECEF,795D:D7A3,795E:C9F1,795F:CBEE,7960:ECF4,7962:ECF2,7965:CFE9,7967:ECF6,7968:C6B1,796D:BCC0,796F:ECF5,7977:B5BB,7978:BBF6,797A:ECF7,7980:D9F7,7981:BDFB,7984:C2BB,7985:ECF8,798A:ECF9,798F:B8A3,799A:ECFA,79A7:ECFB,79B3:ECFC,79B9:D3ED,79BA:D8AE,79BB:C0EB,79BD:C7DD,79BE:BACC,79C0:D0E3,79C1:CBBD,79C3:CDBA,79C6:B8D1,79C9:B1FC,79CB:C7EF,79CD:D6D6,79D1:BFC6,79D2:C3EB,79D5:EFF5,79D8:C3D8,79DF:D7E2,79E3:EFF7,79E4:B3D3,79E6:C7D8,79E7:D1ED,79E9:D6C8,79EB:EFF8,79ED:EFF6,79EF:BBFD,79F0:B3C6,79F8:BDD5,79FB:D2C6,79FD:BBE0,7A00:CFA1,7A02:EFFC,7A03:EFFB,7A06:EFF9,7A0B:B3CC,7A0D:C9D4,7A0E:CBB0,7A14:EFFE,7A17:B0DE,7A1A:D6C9,7A1E:EFFD,7A20:B3ED,7A23:F6D5,7A33:CEC8,7A37:F0A2,7A39:F0A1,7A3B:B5BE,7A3C:BCDA,7A3D:BBFC,7A3F:B8E5,7A46:C4C2,7A51:F0A3,7A57:CBEB,7A70:F0A6,7A74:D1A8,7A76:BEBF,7A77:C7EE,7A78:F1B6,7A79:F1B7,7A7A:BFD5,7A7F:B4A9,7A80:F1B8,7A81:CDBB,7A83:C7D4,7A84:D5AD,7A86:F1B9,7A88:F1BA,7A8D:C7CF,7A91:D2A4,7A92:D6CF,7A95:F1BB,7A96:BDD1,7A97:B4B0,7A98:BEBD,7A9C:B4DC,7A9D:CED1,7A9F:BFDF,7AA0:F1BD,7AA5:BFFA,7AA6:F1BC,7AA8:F1BF,7AAC:F1BE,7AAD:F1C0,7AB3:F1C1,7ABF:C1FE,7ACB:C1A2,7AD6:CAFA,7AD9:D5BE,7ADE:BEBA,7ADF:BEB9,7AE0:D5C2,7AE3:BFA2,7AE5:CDAF,7AE6:F1B5,7AED:BDDF,7AEF:B6CB,7AF9:D6F1,7AFA:F3C3,7AFD:F3C4,7AFF:B8CD,7B03:F3C6,7B04:F3C7,7B06:B0CA,7B08:F3C5,7B0A:F3C9,7B0B:CBF1,7B0F:F3CB,7B11:D0A6,7B14:B1CA,7B15:F3C8,7B19:F3CF,7B1B:B5D1,7B1E:F3D7,7B20:F3D2,7B24:F3D4,7B25:F3D3,7B26:B7FB,7B28:B1BF,7B2A:F3CE,7B2B:F3CA,7B2C:B5DA,7B2E:F3D0,7B31:F3D1,7B33:F3D5,7B38:F3CD,7B3A:BCE3,7B3C:C1FD,7B3E:F3D6,7B45:F3DA,7B47:F3CC,7B49:B5C8,7B4B:BDEE,7B4C:F3DC,7B4F:B7A4,7B50:BFF0,7B51:D6FE,7B52:CDB2,7B54:B4F0,7B56:B2DF,7B58:F3D8,7B5A:F3D9,7B5B:C9B8,7B5D:F3DD,7B60:F3DE,7B62:F3E1,7B6E:F3DF,7B71:F3E3,7B72:F3E2,7B75:F3DB,7B77:BFEA,7B79:B3EF,7B7B:F3E0,7B7E:C7A9,7B80:BCF2,7B85:F3EB,7B8D:B9BF,7B90:F3E4,7B94:B2AD,7B95:BBFE,7B97:CBE3,7B9C:F3ED,7B9D:F3E9,7BA1:B9DC,7BA2:F3EE,7BA6:F3E5,7BA7:F3E6,7BA8:F3EA,7BA9:C2E1,7BAA:F3EC,7BAB:F3EF,7BAC:F3E8,7BAD:BCFD,7BB1:CFE4,7BB4:F3F0,7BB8:F3E7,7BC1:F3F2,7BC6:D7AD,7BC7:C6AA,7BCC:F3F3,7BD1:F3F1,7BD3:C2A8,7BD9:B8DD,7BDA:F3F5,7BDD:F3F4,7BE1:B4DB,7BE5:F3F6,7BE6:F3F7,7BEA:F3F8,7BEE:C0BA,7BF1:C0E9,7BF7:C5F1,7BFC:F3FB,7BFE:F3FA,7C07:B4D8,7C0B:F3FE,7C0C:F3F9,7C0F:F3FC,7C16:F3FD,7C1F:F4A1,7C26:F4A3,7C27:BBC9,7C2A:F4A2,7C38:F4A4,7C3F:B2BE,7C40:F4A6,7C41:F4A5,7C4D:BCAE,7C73:C3D7,7C74:D9E1,7C7B:C0E0,7C7C:F4CC,7C7D:D7D1,7C89:B7DB,7C91:F4CE,7C92:C1A3,7C95:C6C9,7C97:B4D6,7C98:D5B3,7C9C:F4D0,7C9D:F4CF,7C9E:F4D1,7C9F:CBDA,7CA2:F4D2,7CA4:D4C1,7CA5:D6E0,7CAA:B7E0,7CAE:C1B8,7CB1:C1BB,7CB2:F4D3,7CB3:BEAC,7CB9:B4E2,7CBC:F4D4,7CBD:F4D5,7CBE:BEAB,7CC1:F4D6,7CC5:F4DB,7CC7:F4D7,7CC8:F4DA,7CCA:BAFD,7CCC:F4D8,7CCD:F4D9,7CD5:B8E2,7CD6:CCC7,7CD7:F4DC,7CD9:B2DA,7CDC:C3D3,7CDF:D4E3,7CE0:BFB7,7CE8:F4DD,7CEF:C5B4,7CF8:F4E9,7CFB:CFB5,7D0A:CEC9,7D20:CBD8,7D22:CBF7,7D27:BDF4,7D2B:D7CF,7D2F:C0DB,7D6E:D0F5,7D77:F4EA,7DA6:F4EB,7DAE:F4EC,7E3B:F7E3,7E41:B7B1,7E47:F4ED,7E82:D7EB,7E9B:F4EE,7E9F:E6F9,7EA0:BEC0,7EA1:E6FA,7EA2:BAEC,7EA3:E6FB,7EA4:CFCB,7EA5:E6FC,7EA6:D4BC,7EA7:BCB6,7EA8:E6FD,7EA9:E6FE,7EAA:BCCD,7EAB:C8D2,7EAC:CEB3,7EAD:E7A1,7EAF:B4BF,7EB0:E7A2,7EB1:C9B4,7EB2:B8D9,7EB3:C4C9,7EB5:D7DD,7EB6:C2DA,7EB7:B7D7,7EB8:D6BD,7EB9:CEC6,7EBA:B7C4,7EBD:C5A6,7EBE:E7A3,7EBF:CFDF,7EC0:E7A4,7EC1:E7A5,7EC2:E7A6,7EC3:C1B7,7EC4:D7E9,7EC5:C9F0,7EC6:CFB8,7EC7:D6AF,7EC8:D6D5,7EC9:E7A7,7ECA:B0ED,7ECB:E7A8,7ECC:E7A9,7ECD:C9DC,7ECE:D2EF,7ECF:BEAD,7ED0:E7AA,7ED1:B0F3,7ED2:C8DE,7ED3:BDE1,7ED4:E7AB,7ED5:C8C6,7ED7:E7AC,7ED8:BBE6,7ED9:B8F8,7EDA:D1A4,7EDB:E7AD,7EDC:C2E7,7EDD:BEF8,7EDE:BDCA,7EDF:CDB3,7EE0:E7AE,7EE1:E7AF,7EE2:BEEE,7EE3:D0E5,7EE5:CBE7,7EE6:CCD0,7EE7:BCCC,7EE8:E7B0,7EE9:BCA8,7EEA:D0F7,7EEB:E7B1,7EED:D0F8,7EEE:E7B2,7EEF:E7B3,7EF0:B4C2,7EF1:E7B4,7EF2:E7B5,7EF3:C9FE,7EF4:CEAC,7EF5:C3E0,7EF6:E7B7,7EF7:B1C1,7EF8:B3F1,7EFA:E7B8,7EFB:E7B9,7EFC:D7DB,7EFD:D5C0,7EFE:E7BA,7EFF:C2CC,7F00:D7BA,7F01:E7BB,7F02:E7BC,7F03:E7BD,7F04:BCEA,7F05:C3E5,7F06:C0C2,7F07:E7BE,7F08:E7BF,7F09:BCA9,7F0B:E7C0,7F0C:E7C1,7F0D:E7B6,7F0E:B6D0,7F0F:E7C2,7F11:E7C3,7F12:E7C4,7F13:BBBA,7F14:B5DE,7F15:C2C6,7F16:B1E0,7F17:E7C5,7F18:D4B5,7F19:E7C6,7F1A:B8BF,7F1B:E7C8,7F1C:E7C7,7F1D:B7EC,7F1F:E7C9,7F20:B2F8,7F21:E7CA,7F22:E7CB,7F23:E7CC,7F24:E7CD,7F25:E7CE,7F26:E7CF,7F27:E7D0,7F28:D3A7,7F29:CBF5,7F2A:E7D1,7F2B:E7D2,7F2C:E7D3,7F2D:E7D4,7F2E:C9C9,7F2F:E7D5,7F30:E7D6,7F31:E7D7,7F32:E7D8,7F33:E7D9,7F34:BDC9,7F35:E7DA,7F36:F3BE,7F38:B8D7,7F3A:C8B1,7F42:F3BF,7F44:F3C0,7F45:F3C1,7F50:B9DE,7F51:CDF8,7F54:D8E8,7F55:BAB1,7F57:C2DE,7F58:EEB7,7F5A:B7A3,7F5F:EEB9,7F61:EEB8,7F62:B0D5,7F68:EEBB,7F69:D5D6,7F6A:D7EF,7F6E:D6C3,7F71:EEBD,7F72:CAF0,7F74:EEBC,7F79:EEBE,7F7E:EEC0,7F81:EEBF,7F8A:D1F2,7F8C:C7BC,7F8E:C3C0,7F94:B8E1,7F9A:C1E7,7F9D:F4C6,7F9E:D0DF,7F9F:F4C7,7FA1:CFDB,7FA4:C8BA,7FA7:F4C8,7FAF:F4C9,7FB0:F4CA,7FB2:F4CB,7FB8:D9FA,7FB9:B8FE,7FBC:E5F1,7FBD:D3F0,7FBF:F4E0,7FC1:CECC,7FC5:B3E1,7FCA:F1B4,7FCC:D2EE,7FCE:F4E1,7FD4:CFE8,7FD5:F4E2,7FD8:C7CC,7FDF:B5D4,7FE0:B4E4,7FE1:F4E4,7FE5:F4E3,7FE6:F4E5,7FE9:F4E6,7FEE:F4E7,7FF0:BAB2,7FF1:B0BF,7FF3:F4E8,7FFB:B7AD,7FFC:D2ED,8000:D2AB,8001:C0CF,8003:BFBC,8004:EBA3,8005:D5DF,8006:EAC8,800B:F1F3,800C:B6F8,800D:CBA3,8010:C4CD,8012:F1E7,8014:F1E8,8015:B8FB,8016:F1E9,8017:BAC4,8018:D4C5,8019:B0D2,801C:F1EA,8020:F1EB,8022:F1EC,8025:F1ED,8026:F1EE,8027:F1EF,8028:F1F1,8029:F1F0,802A:C5D5,8031:F1F2,8033:B6FA,8035:F1F4,8036:D2AE,8037:DEC7,8038:CBCA,803B:B3DC,803D:B5A2,803F:B9A2,8042:C4F4,8043:F1F5,8046:F1F6,804A:C1C4,804B:C1FB,804C:D6B0,804D:F1F7,8052:F1F8,8054:C1AA,8058:C6B8,805A:BEDB,8069:F1F9,806A:B4CF,8071:F1FA,807F:EDB2,8080:EDB1,8083:CBE0,8084:D2DE,8086:CBC1,8087:D5D8,8089:C8E2,808B:C0DF,808C:BCA1,8093:EBC1,8096:D0A4,8098:D6E2,809A:B6C7,809B:B8D8,809C:EBC0,809D:B8CE,809F:EBBF,80A0:B3A6,80A1:B9C9,80A2:D6AB,80A4:B7F4,80A5:B7CA,80A9:BCE7,80AA:B7BE,80AB:EBC6,80AD:EBC7,80AE:B0B9,80AF:BFCF,80B1:EBC5,80B2:D3FD,80B4:EBC8,80B7:EBC9,80BA:B7CE,80BC:EBC2,80BD:EBC4,80BE:C9F6,80BF:D6D7,80C0:D5CD,80C1:D0B2,80C2:EBCF,80C3:CEB8,80C4:EBD0,80C6:B5A8,80CC:B1B3,80CD:EBD2,80CE:CCA5,80D6:C5D6,80D7:EBD3,80D9:EBD1,80DA:C5DF,80DB:EBCE,80DC:CAA4,80DD:EBD5,80DE:B0FB,80E1:BAFA,80E4:D8B7,80E5:F1E3,80E7:EBCA,80E8:EBCB,80E9:EBCC,80EA:EBCD,80EB:EBD6,80EC:E6C0,80ED:EBD9,80EF:BFE8,80F0:D2C8,80F1:EBD7,80F2:EBDC,80F3:B8EC,80F4:EBD8,80F6:BDBA,80F8:D0D8,80FA:B0B7,80FC:EBDD,80FD:C4DC,8102:D6AC,8106:B4E0,8109:C2F6,810A:BCB9,810D:EBDA,810E:EBDB,810F:D4E0,8110:C6EA,8111:C4D4,8112:EBDF,8113:C5A7,8114:D9F5,8116:B2B1,8118:EBE4,811A:BDC5,811E:EBE2,812C:EBE3,812F:B8AC,8131:CDD1,8132:EBE5,8136:EBE1,8138:C1B3,813E:C6A2,8146:CCF3,8148:EBE6,814A:C0B0,814B:D2B8,814C:EBE7,8150:B8AF,8151:B8AD,8153:EBE8,8154:C7BB,8155:CDF3,8159:EBEA,815A:EBEB,8160:EBED,8165:D0C8,8167:EBF2,8169:EBEE,816D:EBF1,816E:C8F9,8170:D1FC,8171:EBEC,8174:EBE9,8179:B8B9,817A:CFD9,817B:C4E5,817C:EBEF,817D:EBF0,817E:CCDA,817F:CDC8,8180:B0F2,8182:EBF6,8188:EBF5,818A:B2B2,818F:B8E0,8191:EBF7,8198:B1EC,819B:CCC5,819C:C4A4,819D:CFA5,81A3:EBF9,81A6:ECA2,81A8:C5F2,81AA:EBFA,81B3:C9C5,81BA:E2DF,81BB:EBFE,81C0:CDCE,81C1:ECA1,81C2:B1DB,81C3:D3B7,81C6:D2DC,81CA:EBFD,81CC:EBFB,81E3:B3BC,81E7:EAB0,81EA:D7D4,81EC:F4AB,81ED:B3F4,81F3:D6C1,81F4:D6C2,81FB:D5E9,81FC:BECA,81FE:F4A7,8200:D2A8,8201:F4A8,8202:F4A9,8204:F4AA,8205:BECB,8206:D3DF,820C:C9E0,820D:C9E1,8210:F3C2,8212:CAE6,8214:CCF2,821B:E2B6,821C:CBB4,821E:CEE8,821F:D6DB,8221:F4AD,8222:F4AE,8223:F4AF,8228:F4B2,822A:BABD,822B:F4B3,822C:B0E3,822D:F4B0,822F:F4B1,8230:BDA2,8231:B2D5,8233:F4B6,8234:F4B7,8235:B6E6,8236:B2B0,8237:CFCF,8238:F4B4,8239:B4AC,823B:F4B5,823E:F4B8,8244:F4B9,8247:CDA7,8249:F4BA,824B:F4BB,824F:F4BC,8258:CBD2,825A:F4BD,825F:F4BE,8268:F4BF,826E:F4DE,826F:C1BC,8270:BCE8,8272:C9AB,8273:D1DE,8274:E5F5,8279:DCB3,827A:D2D5,827D:DCB4,827E:B0AC,827F:DCB5,8282:BDDA,8284:DCB9,8288:D8C2,828A:DCB7,828B:D3F3,828D:C9D6,828E:DCBA,828F:DCB6,8291:DCBB,8292:C3A2,8297:DCBC,8298:DCC5,8299:DCBD,829C:CEDF,829D:D6A5,829F:DCCF,82A1:DCCD,82A4:DCD2,82A5:BDE6,82A6:C2AB,82A8:DCB8,82A9:DCCB,82AA:DCCE,82AB:DCBE,82AC:B7D2,82AD:B0C5,82AE:DCC7,82AF:D0BE,82B0:DCC1,82B1:BBA8,82B3:B7BC,82B4:DCCC,82B7:DCC6,82B8:DCBF,82B9:C7DB,82BD:D1BF,82BE:DCC0,82C1:DCCA,82C4:DCD0,82C7:CEAD,82C8:DCC2,82CA:DCC3,82CB:DCC8,82CC:DCC9,82CD:B2D4,82CE:DCD1,82CF:CBD5,82D1:D4B7,82D2:DCDB,82D3:DCDF,82D4:CCA6,82D5:DCE6,82D7:C3E7,82D8:DCDC,82DB:BFC1,82DC:DCD9,82DE:B0FA,82DF:B9B6,82E0:DCE5,82E1:DCD3,82E3:DCC4,82E4:DCD6,82E5:C8F4,82E6:BFE0,82EB:C9BB,82EF:B1BD,82F1:D3A2,82F4:DCDA,82F7:DCD5,82F9:C6BB,82FB:DCDE,8301:D7C2,8302:C3AF,8303:B7B6,8304:C7D1,8305:C3A9,8306:DCE2,8307:DCD8,8308:DCEB,8309:DCD4,830C:DCDD,830E:BEA5,830F:DCD7,8311:DCE0,8314:DCE3,8315:DCE4,8317:DCF8,831A:DCE1,831B:DDA2,831C:DCE7,8327:BCEB,8328:B4C4,832B:C3A3,832C:B2E7,832D:DCFA,832F:DCF2,8331:DCEF,8333:DCFC,8334:DCEE,8335:D2F0,8336:B2E8,8338:C8D7,8339:C8E3,833A:DCFB,833C:DCED,8340:DCF7,8343:DCF5,8346:BEA3,8347:DCF4,8349:B2DD,834F:DCF3,8350:BCF6,8351:DCE8,8352:BBC4,8354:C0F3,835A:BCD4,835B:DCE9,835C:DCEA,835E:DCF1,835F:DCF6,8360:DCF9,8361:B5B4,8363:C8D9,8364:BBE7,8365:DCFE,8366:DCFD,8367:D3AB,8368:DDA1,8369:DDA3,836A:DDA5,836B:D2F1,836C:DDA4,836D:DDA6,836E:DDA7,836F:D2A9,8377:BAC9,8378:DDA9,837B:DDB6,837C:DDB1,837D:DDB4,8385:DDB0,8386:C6CE,8389:C0F2,838E:C9AF,8392:DCEC,8393:DDAE,8398:DDB7,839B:DCF0,839C:DDAF,839E:DDB8,83A0:DDAC,83A8:DDB9,83A9:DDB3,83AA:DDAD,83AB:C4AA,83B0:DDA8,83B1:C0B3,83B2:C1AB,83B3:DDAA,83B4:DDAB,83B6:DDB2,83B7:BBF1,83B8:DDB5,83B9:D3A8,83BA:DDBA,83BC:DDBB,83BD:C3A7,83C0:DDD2,83C1:DDBC,83C5:DDD1,83C7:B9BD,83CA:BED5,83CC:BEFA,83CF:BACA,83D4:DDCA,83D6:DDC5,83D8:DDBF,83DC:B2CB,83DD:DDC3,83DF:DDCB,83E0:B2A4,83E1:DDD5,83E5:DDBE,83E9:C6D0,83EA:DDD0,83F0:DDD4,83F1:C1E2,83F2:B7C6,83F8:DDCE,83F9:DDCF,83FD:DDC4,8401:DDBD,8403:DDCD,8404:CCD1,8406:DDC9,840B:DDC2,840C:C3C8,840D:C6BC,840E:CEAE,840F:DDCC,8411:DDC8,8418:DDC1,841C:DDC6,841D:C2DC,8424:D3A9,8425:D3AA,8426:DDD3,8427:CFF4,8428:C8F8,8431:DDE6,8438:DDC7,843C:DDE0,843D:C2E4,8446:DDE1,8451:DDD7,8457:D6F8,8459:DDD9,845A:DDD8,845B:B8F0,845C:DDD6,8461:C6CF,8463:B6AD,8469:DDE2,846B:BAF9,846C:D4E1,846D:DDE7,8471:B4D0,8473:DDDA,8475:BFFB,8476:DDE3,8478:DDDF,847A:DDDD,8482:B5D9,8487:DDDB,8488:DDDC,8489:DDDE,848B:BDAF,848C:DDE4,848E:DDE5,8497:DDF5,8499:C3C9,849C:CBE2,84A1:DDF2,84AF:D8E1,84B2:C6D1,84B4:DDF4,84B8:D5F4,84B9:DDF3,84BA:DDF0,84BD:DDEC,84BF:DDEF,84C1:DDE8,84C4:D0EE,84C9:C8D8,84CA:DDEE,84CD:DDE9,84D0:DDEA,84D1:CBF2,84D3:DDED,84D6:B1CD,84DD:C0B6,84DF:BCBB,84E0:DDF1,84E3:DDF7,84E5:DDF6,84E6:DDEB,84EC:C5EE,84F0:DDFB,84FC:DEA4,84FF:DEA3,850C:DDF8,8511:C3EF,8513:C2FB,8517:D5E1,851A:CEB5,851F:DDFD,8521:B2CC,852B:C4E8,852C:CADF,8537:C7BE,8538:DDFA,8539:DDFC,853A:DDFE,853B:DEA2,853C:B0AA,853D:B1CE,8543:DEAC,8548:DEA6,8549:BDB6,854A:C8EF,8556:DEA1,8559:DEA5,855E:DEA9,8564:DEA8,8568:DEA7,8572:DEAD,8574:D4CC,8579:DEB3,857A:DEAA,857B:DEAE,857E:C0D9,8584:B1A1,8585:DEB6,8587:DEB1,858F:DEB2,859B:D1A6,859C:DEB5,85A4:DEAF,85A8:DEB0,85AA:D0BD,85AE:DEB4,85AF:CAED,85B0:DEB9,85B7:DEB8,85B9:DEB7,85C1:DEBB,85C9:BDE5,85CF:B2D8,85D0:C3EA,85D3:DEBA,85D5:C5BA,85DC:DEBC,85E4:CCD9,85E9:B7AA,85FB:D4E5,85FF:DEBD,8605:DEBF,8611:C4A2,8616:DEC1,8627:DEBE,8629:DEC0,8638:D5BA,863C:DEC2,864D:F2AE,864E:BBA2,864F:C2B2,8650:C5B0,8651:C2C7,8654:F2AF,865A:D0E9,865E:D3DD,8662:EBBD,866B:B3E6,866C:F2B0,866E:F2B1,8671:CAAD,8679:BAE7,867A:F2B3,867B:F2B5,867C:F2B4,867D:CBE4,867E:CFBA,867F:F2B2,8680:CAB4,8681:D2CF,8682:C2EC,868A:CEC3,868B:F2B8,868C:B0F6,868D:F2B7,8693:F2BE,8695:B2CF,869C:D1C1,869D:F2BA,86A3:F2BC,86A4:D4E9,86A7:F2BB,86A8:F2B6,86A9:F2BF,86AA:F2BD,86AC:F2B9,86AF:F2C7,86B0:F2C4,86B1:F2C6,86B4:F2CA,86B5:F2C2,86B6:F2C0,86BA:F2C5,86C0:D6FB,86C4:F2C1,86C6:C7F9,86C7:C9DF,86C9:F2C8,86CA:B9C6,86CB:B5B0,86CE:F2C3,86CF:F2C9,86D0:F2D0,86D1:F2D6,86D4:BBD7,86D8:F2D5,86D9:CDDC,86DB:D6EB,86DE:F2D2,86DF:F2D4,86E4:B8F2,86E9:F2CB,86ED:F2CE,86EE:C2F9,86F0:D5DD,86F1:F2CC,86F2:F2CD,86F3:F2CF,86F4:F2D3,86F8:F2D9,86F9:D3BC,86FE:B6EA,8700:CAF1,8702:B7E4,8703:F2D7,8707:F2D8,8708:F2DA,8709:F2DD,870A:F2DB,870D:F2DC,8712:D1D1,8713:F2D1,8715:CDC9,8717:CECF,8718:D6A9,871A:F2E3,871C:C3DB,871E:F2E0,8721:C0AF,8722:F2EC,8723:F2DE,8725:F2E1,8729:F2E8,872E:F2E2,8731:F2E7,8734:F2E6,8737:F2E9,873B:F2DF,873E:F2E4,873F:F2EA,8747:D3AC,8748:F2E5,8749:B2F5,874C:F2F2,874E:D0AB,8753:F2F5,8757:BBC8,8759:F2F9,8760:F2F0,8763:F2F6,8764:F2F8,8765:F2FA,876E:F2F3,8770:F2F1,8774:BAFB,8776:B5FB,877B:F2EF,877C:F2F7,877D:F2ED,877E:F2EE,8782:F2EB,8783:F3A6,8785:F3A3,8788:F3A2,878B:F2F4,878D:C8DA,8793:F2FB,8797:F3A5,879F:C3F8,87A8:F2FD,87AB:F3A7,87AC:F3A9,87AD:F3A4,87AF:F2FC,87B3:F3AB,87B5:F3AA,87BA:C2DD,87BD:F3AE,87C0:F3B0,87C6:F3A1,87CA:F3B1,87CB:F3AC,87D1:F3AF,87D2:F2FE,87D3:F3AD,87DB:F3B2,87E0:F3B4,87E5:F3A8,87EA:F3B3,87EE:F3B5,87F9:D0B7,87FE:F3B8,8803:D9F9,880A:F3B9,8813:F3B7,8815:C8E4,8816:F3B6,881B:F3BA,8821:F3BB,8822:B4C0,8832:EEC3,8839:F3BC,883C:F3BD,8840:D1AA,8844:F4AC,8845:D0C6,884C:D0D0,884D:D1DC,8854:CFCE,8857:BDD6,8859:D1C3,8861:BAE2,8862:E1E9,8863:D2C2,8864:F1C2,8865:B2B9,8868:B1ED,8869:F1C3,886B:C9C0,886C:B3C4,886E:D9F2,8870:CBA5,8872:F1C4,8877:D6D4,887D:F1C5,887E:F4C0,887F:F1C6,8881:D4AC,8882:F1C7,8884:B0C0,8885:F4C1,8888:F4C2,888B:B4FC,888D:C5DB,8892:CCBB,8896:D0E4,889C:CDE0,88A2:F1C8,88A4:D9F3,88AB:B1BB,88AD:CFAE,88B1:B8A4,88B7:F1CA,88BC:F1CB,88C1:B2C3,88C2:C1D1,88C5:D7B0,88C6:F1C9,88C9:F1CC,88CE:F1CE,88D2:D9F6,88D4:D2E1,88D5:D4A3,88D8:F4C3,88D9:C8B9,88DF:F4C4,88E2:F1CD,88E3:F1CF,88E4:BFE3,88E5:F1D0,88E8:F1D4,88F0:F1D6,88F1:F1D1,88F3:C9D1,88F4:C5E1,88F8:C2E3,88F9:B9FC,88FC:F1D3,88FE:F1D5,8902:B9D3,890A:F1DB,8910:BAD6,8912:B0FD,8913:F1D9,8919:F1D8,891A:F1D2,891B:F1DA,8921:F1D7,8925:C8EC,892A:CDCA,892B:F1DD,8930:E5BD,8934:F1DC,8936:F1DE,8941:F1DF,8944:CFE5,895E:F4C5,895F:BDF3,8966:F1E0,897B:F1E1,897F:CEF7,8981:D2AA,8983:F1FB,8986:B8B2,89C1:BCFB,89C2:B9DB,89C4:B9E6,89C5:C3D9,89C6:CAD3,89C7:EAE8,89C8:C0C0,89C9:BEF5,89CA:EAE9,89CB:EAEA,89CC:EAEB,89CE:EAEC,89CF:EAED,89D0:EAEE,89D1:EAEF,89D2:BDC7,89D6:F5FB,89DA:F5FD,89DC:F5FE,89DE:F5FC,89E3:BDE2,89E5:F6A1,89E6:B4A5,89EB:F6A2,89EF:F6A3,89F3:ECB2,8A00:D1D4,8A07:D9EA,8A3E:F6A4,8A48:EEBA,8A79:D5B2,8A89:D3FE,8A8A:CCDC,8A93:CAC4,8B07:E5C0,8B26:F6A5,8B66:BEAF,8B6C:C6A9,8BA0:DAA5,8BA1:BCC6,8BA2:B6A9,8BA3:B8BC,8BA4:C8CF,8BA5:BCA5,8BA6:DAA6,8BA7:DAA7,8BA8:CCD6,8BA9:C8C3,8BAA:DAA8,8BAB:C6FD,8BAD:D1B5,8BAE:D2E9,8BAF:D1B6,8BB0:BCC7,8BB2:BDB2,8BB3:BBE4,8BB4:DAA9,8BB5:DAAA,8BB6:D1C8,8BB7:DAAB,8BB8:D0ED,8BB9:B6EF,8BBA:C2DB,8BBC:CBCF,8BBD:B7ED,8BBE:C9E8,8BBF:B7C3,8BC0:BEF7,8BC1:D6A4,8BC2:DAAC,8BC3:DAAD,8BC4:C6C0,8BC5:D7E7,8BC6:CAB6,8BC8:D5A9,8BC9:CBDF,8BCA:D5EF,8BCB:DAAE,8BCC:D6DF,8BCD:B4CA,8BCE:DAB0,8BCF:DAAF,8BD1:D2EB,8BD2:DAB1,8BD3:DAB2,8BD4:DAB3,8BD5:CAD4,8BD6:DAB4,8BD7:CAAB,8BD8:DAB5,8BD9:DAB6,8BDA:B3CF,8BDB:D6EF,8BDC:DAB7,8BDD:BBB0,8BDE:B5AE,8BDF:DAB8,8BE0:DAB9,8BE1:B9EE,8BE2:D1AF,8BE3:D2E8,8BE4:DABA,8BE5:B8C3,8BE6:CFEA,8BE7:B2EF,8BE8:DABB,8BE9:DABC,8BEB:BDEB,8BEC:CEDC,8BED:D3EF,8BEE:DABD,8BEF:CEF3,8BF0:DABE,8BF1:D3D5,8BF2:BBE5,8BF3:DABF,8BF4:CBB5,8BF5:CBD0,8BF6:DAC0,8BF7:C7EB,8BF8:D6EE,8BF9:DAC1,8BFA:C5B5,8BFB:B6C1,8BFC:DAC2,8BFD:B7CC,8BFE:BFCE,8BFF:DAC3,8C00:DAC4,8C01:CBAD,8C02:DAC5,8C03:B5F7,8C04:DAC6,8C05:C1C2,8C06:D7BB,8C07:DAC7,8C08:CCB8,8C0A:D2EA,8C0B:C4B1,8C0C:DAC8,8C0D:B5FD,8C0E:BBD1,8C0F:DAC9,8C10:D0B3,8C11:DACA,8C12:DACB,8C13:CEBD,8C14:DACC,8C15:DACD,8C16:DACE,8C17:B2F7,8C18:DAD1,8C19:DACF,8C1A:D1E8,8C1B:DAD0,8C1C:C3D5,8C1D:DAD2,8C1F:DAD3,8C20:DAD4,8C21:DAD5,8C22:D0BB,8C23:D2A5,8C24:B0F9,8C25:DAD6,8C26:C7AB,8C27:DAD7,8C28:BDF7,8C29:C3A1,8C2A:DAD8,8C2B:DAD9,8C2C:C3FD,8C2D:CCB7,8C2E:DADA,8C2F:DADB,8C30:C0BE,8C31:C6D7,8C32:DADC,8C33:DADD,8C34:C7B4,8C35:DADE,8C36:DADF,8C37:B9C8,8C41:BBED,8C46:B6B9,8C47:F4F8,8C49:F4F9,8C4C:CDE3,8C55:F5B9,8C5A:EBE0,8C61:CFF3,8C62:BBBF,8C6A:BAC0,8C6B:D4A5,8C73:E1D9,8C78:F5F4,8C79:B1AA,8C7A:B2F2,8C82:F5F5,8C85:F5F7,8C89:BAD1,8C8A:F5F6,8C8C:C3B2,8C94:F5F9,8C98:F5F8,8D1D:B1B4,8D1E:D5EA,8D1F:B8BA,8D21:B9B1,8D22:B2C6,8D23:D4F0,8D24:CFCD,8D25:B0DC,8D26:D5CB,8D27:BBF5,8D28:D6CA,8D29:B7B7,8D2A:CCB0,8D2B:C6B6,8D2C:B1E1,8D2D:B9BA,8D2E:D6FC,8D2F:B9E1,8D30:B7A1,8D31:BCFA,8D32:EADA,8D33:EADB,8D34:CCF9,8D35:B9F3,8D36:EADC,8D37:B4FB,8D38:C3B3,8D39:B7D1,8D3A:BAD8,8D3B:EADD,8D3C:D4F4,8D3D:EADE,8D3E:BCD6,8D3F:BBDF,8D40:EADF,8D41:C1DE,8D42:C2B8,8D43:D4DF,8D44:D7CA,8D45:EAE0,8D46:EAE1,8D47:EAE4,8D48:EAE2,8D49:EAE3,8D4A:C9DE,8D4B:B8B3,8D4C:B6C4,8D4D:EAE5,8D4E:CAEA,8D4F:C9CD,8D50:B4CD,8D53:E2D9,8D54:C5E2,8D55:EAE6,8D56:C0B5,8D58:D7B8,8D59:EAE7,8D5A:D7AC,8D5B:C8FC,8D5C:D8D3,8D5D:D8CD,8D5E:D4DE,8D60:D4F9,8D61:C9C4,8D62:D3AE,8D63:B8D3,8D64:B3E0,8D66:C9E2,8D67:F4F6,8D6B:BAD5,8D6D:F4F7,8D70:D7DF,8D73:F4F1,8D74:B8B0,8D75:D5D4,8D76:B8CF,8D77:C6F0,8D81:B3C3,8D84:F4F2,8D85:B3AC,8D8A:D4BD,8D8B:C7F7,8D91:F4F4,8D94:F4F3,8D9F:CCCB,8DA3:C8A4,8DB1:F4F5,8DB3:D7E3,8DB4:C5BF,8DB5:F5C0,8DB8:F5BB,8DBA:F5C3,8DBC:F5C2,8DBE:D6BA,8DBF:F5C1,8DC3:D4BE,8DC4:F5C4,8DC6:F5CC,8DCB:B0CF,8DCC:B5F8,8DCE:F5C9,8DCF:F5CA,8DD1:C5DC,8DD6:F5C5,8DD7:F5C6,8DDA:F5C7,8DDB:F5CB,8DDD:BEE0,8DDE:F5C8,8DDF:B8FA,8DE3:F5D0,8DE4:F5D3,8DE8:BFE7,8DEA:B9F2,8DEB:F5BC,8DEC:F5CD,8DEF:C2B7,8DF3:CCF8,8DF5:BCF9,8DF7:F5CE,8DF8:F5CF,8DF9:F5D1,8DFA:B6E5,8DFB:F5D2,8DFD:F5D5,8E05:F5BD,8E09:F5D4,8E0A:D3BB,8E0C:B3EC,8E0F:CCA4,8E14:F5D6,8E1D:F5D7,8E1E:BEE1,8E1F:F5D8,8E22:CCDF,8E23:F5DB,8E29:B2C8,8E2A:D7D9,8E2C:F5D9,8E2E:F5DA,8E2F:F5DC,8E31:F5E2,8E35:F5E0,8E39:F5DF,8E3A:F5DD,8E3D:F5E1,8E40:F5DE,8E41:F5E4,8E42:F5E5,8E44:CCE3,8E47:E5BF,8E48:B5B8,8E49:F5E3,8E4A:F5E8,8E4B:CCA3,8E51:F5E6,8E52:F5E7,8E59:F5BE,8E66:B1C4,8E69:F5BF,8E6C:B5C5,8E6D:B2E4,8E6F:F5EC,8E70:F5E9,8E72:B6D7,8E74:F5ED,8E76:F5EA,8E7C:F5EB,8E7F:B4DA,8E81:D4EA,8E85:F5EE,8E87:B3F9,8E8F:F5EF,8E90:F5F1,8E94:F5F0,8E9C:F5F2,8E9E:F5F3,8EAB:C9ED,8EAC:B9AA,8EAF:C7FB,8EB2:B6E3,8EBA:CCC9,8ECE:EAA6,8F66:B3B5,8F67:D4FE,8F68:B9EC,8F69:D0F9,8F6B:E9ED,8F6C:D7AA,8F6D:E9EE,8F6E:C2D6,8F6F:C8ED,8F70:BAE4,8F71:E9EF,8F72:E9F0,8F73:E9F1,8F74:D6E1,8F75:E9F2,8F76:E9F3,8F77:E9F5,8F78:E9F4,8F79:E9F6,8F7A:E9F7,8F7B:C7E1,8F7C:E9F8,8F7D:D4D8,8F7E:E9F9,8F7F:BDCE,8F81:E9FA,8F82:E9FB,8F83:BDCF,8F84:E9FC,8F85:B8A8,8F86:C1BE,8F87:E9FD,8F88:B1B2,8F89:BBD4,8F8A:B9F5,8F8B:E9FE,8F8D:EAA1,8F8E:EAA2,8F8F:EAA3,8F90:B7F8,8F91:BCAD,8F93:CAE4,8F94:E0CE,8F95:D4AF,8F96:CFBD,8F97:D5B7,8F98:EAA4,8F99:D5DE,8F9A:EAA5,8F9B:D0C1,8F9C:B9BC,8F9E:B4C7,8F9F:B1D9,8FA3:C0B1,8FA8:B1E6,8FA9:B1E7,8FAB:B1E8,8FB0:B3BD,8FB1:C8E8,8FB6:E5C1,8FB9:B1DF,8FBD:C1C9,8FBE:B4EF,8FC1:C7A8,8FC2:D3D8,8FC4:C6F9,8FC5:D1B8,8FC7:B9FD,8FC8:C2F5,8FCE:D3AD,8FD0:D4CB,8FD1:BDFC,8FD3:E5C2,8FD4:B7B5,8FD5:E5C3,8FD8:BBB9,8FD9:D5E2,8FDB:BDF8,8FDC:D4B6,8FDD:CEA5,8FDE:C1AC,8FDF:B3D9,8FE2:CCF6,8FE4:E5C6,8FE5:E5C4,8FE6:E5C8,8FE8:E5CA,8FE9:E5C7,8FEA:B5CF,8FEB:C6C8,8FED:B5FC,8FEE:E5C5,8FF0:CAF6,8FF3:E5C9,8FF7:C3D4,8FF8:B1C5,8FF9:BCA3,8FFD:D7B7,9000:CDCB,9001:CBCD,9002:CACA,9003:CCD3,9004:E5CC,9005:E5CB,9006:C4E6,9009:D1A1,900A:D1B7,900B:E5CD,900D:E5D0,900F:CDB8,9010:D6F0,9011:E5CF,9012:B5DD,9014:CDBE,9016:E5D1,9017:B6BA,901A:CDA8,901B:B9E4,901D:CAC5,901E:B3D1,901F:CBD9,9020:D4EC,9021:E5D2,9022:B7EA,9026:E5CE,902D:E5D5,902E:B4FE,902F:E5D6,9035:E5D3,9036:E5D4,9038:D2DD,903B:C2DF,903C:B1C6,903E:D3E2,9041:B6DD,9042:CBEC,9044:E5D7,9047:D3F6,904D:B1E9,904F:B6F4,9050:E5DA,9051:E5D8,9052:E5D9,9053:B5C0,9057:D2C5,9058:E5DC,905B:E5DE,9062:E5DD,9063:C7B2,9065:D2A3,9068:E5DB,906D:D4E2,906E:D5DA,9074:E5E0,9075:D7F1,907D:E5E1,907F:B1DC,9080:D1FB,9082:E5E2,9083:E5E4,9088:E5E3,908B:E5E5,9091:D2D8,9093:B5CB,9095:E7DF,9097:DAF5,9099:DAF8,909B:DAF6,909D:DAF7,90A1:DAFA,90A2:D0CF,90A3:C4C7,90A6:B0EE,90AA:D0B0,90AC:DAF9,90AE:D3CA,90AF:BAAA,90B0:DBA2,90B1:C7F1,90B3:DAFC,90B4:DAFB,90B5:C9DB,90B6:DAFD,90B8:DBA1,90B9:D7DE,90BA:DAFE,90BB:C1DA,90BE:DBA5,90C1:D3F4,90C4:DBA7,90C5:DBA4,90C7:DBA8,90CA:BDBC,90CE:C0C9,90CF:DBA3,90D0:DBA6,90D1:D6A3,90D3:DBA9,90D7:DBAD,90DB:DBAE,90DC:DBAC,90DD:BAC2,90E1:BFA4,90E2:DBAB,90E6:DBAA,90E7:D4C7,90E8:B2BF,90EB:DBAF,90ED:B9F9,90EF:DBB0,90F4:B3BB,90F8:B5A6,90FD:B6BC,90FE:DBB1,9102:B6F5,9104:DBB2,9119:B1C9,911E:DBB4,9122:DBB3,9123:DBB5,912F:DBB7,9131:DBB6,9139:DBB8,9143:DBB9,9146:DBBA,9149:D3CF,914A:F4FA,914B:C7F5,914C:D7C3,914D:C5E4,914E:F4FC,914F:F4FD,9150:F4FB,9152:BEC6,9157:D0EF,915A:B7D3,915D:D4CD,915E:CCAA,9161:F5A2,9162:F5A1,9163:BAA8,9164:F4FE,9165:CBD6,9169:F5A4,916A:C0D2,916C:B3EA,916E:CDAA,916F:F5A5,9170:F5A3,9171:BDB4,9172:F5A8,9174:F5A9,9175:BDCD,9176:C3B8,9177:BFE1,9178:CBE1,9179:F5AA,917D:F5A6,917E:F5A7,917F:C4F0,9185:F5AC,9187:B4BC,9189:D7ED,918B:B4D7,918C:F5AB,918D:F5AE,9190:F5AD,9191:F5AF,9192:D0D1,919A:C3D1,919B:C8A9,91A2:F5B0,91A3:F5B1,91AA:F5B2,91AD:F5B3,91AE:F5B4,91AF:F5B5,91B4:F5B7,91B5:F5B6,91BA:F5B8,91C7:B2C9,91C9:D3D4,91CA:CACD,91CC:C0EF,91CD:D6D8,91CE:D2B0,91CF:C1BF,91D1:BDF0,91DC:B8AA,9274:BCF8,928E:F6C6,92AE:F6C7,92C8:F6C8,933E:F6C9,936A:F6CA,938F:F6CC,93CA:F6CB,93D6:F7E9,943E:F6CD,946B:F6CE,9485:EEC4,9486:EEC5,9487:EEC6,9488:D5EB,9489:B6A4,948A:EEC8,948B:EEC7,948C:EEC9,948D:EECA,948E:C7A5,948F:EECB,9490:EECC,9492:B7B0,9493:B5F6,9494:EECD,9495:EECF,9497:EECE,9499:B8C6,949A:EED0,949B:EED1,949C:EED2,949D:B6DB,949E:B3AE,949F:D6D3,94A0:C4C6,94A1:B1B5,94A2:B8D6,94A3:EED3,94A4:EED4,94A5:D4BF,94A6:C7D5,94A7:BEFB,94A8:CED9,94A9:B9B3,94AA:EED6,94AB:EED5,94AC:EED8,94AD:EED7,94AE:C5A5,94AF:EED9,94B0:EEDA,94B1:C7AE,94B2:EEDB,94B3:C7AF,94B4:EEDC,94B5:B2A7,94B6:EEDD,94B7:EEDE,94B8:EEDF,94B9:EEE0,94BA:EEE1,94BB:D7EA,94BC:EEE2,94BD:EEE3,94BE:BCD8,94BF:EEE4,94C0:D3CB,94C1:CCFA,94C2:B2AC,94C3:C1E5,94C4:EEE5,94C5:C7A6,94C6:C3AD,94C8:EEE6,94C9:EEE7,94CA:EEE8,94CB:EEE9,94CC:EEEA,94CD:EEEB,94CE:EEEC,94D0:EEED,94D1:EEEE,94D2:EEEF,94D5:EEF0,94D6:EEF1,94D7:EEF2,94D8:EEF4,94D9:EEF3,94DB:EEF5,94DC:CDAD,94DD:C2C1,94DE:EEF6,94DF:EEF7,94E0:EEF8,94E1:D5A1,94E2:EEF9,94E3:CFB3,94E4:EEFA,94E5:EEFB,94E7:EEFC,94E8:EEFD,94E9:EFA1,94EA:EEFE,94EB:EFA2,94EC:B8F5,94ED:C3FA,94EE:EFA3,94EF:EFA4,94F0:BDC2,94F1:D2BF,94F2:B2F9,94F3:EFA5,94F4:EFA6,94F5:EFA7,94F6:D2F8,94F7:EFA8,94F8:D6FD,94F9:EFA9,94FA:C6CC,94FC:EFAA,94FD:EFAB,94FE:C1B4,94FF:EFAC,9500:CFFA,9501:CBF8,9502:EFAE,9503:EFAD,9504:B3FA,9505:B9F8,9506:EFAF,9507:EFB0,9508:D0E2,9509:EFB1,950A:EFB2,950B:B7E6,950C:D0BF,950D:EFB3,950E:EFB4,950F:EFB5,9510:C8F1,9511:CCE0,9512:EFB6,9513:EFB7,9514:EFB8,9515:EFB9,9516:EFBA,9517:D5E0,9518:EFBB,9519:B4ED,951A:C3AA,951B:EFBC,951D:EFBD,951E:EFBE,951F:EFBF,9521:CEFD,9522:EFC0,9523:C2E0,9524:B4B8,9525:D7B6,9526:BDF5,9528:CFC7,9529:EFC3,952A:EFC1,952B:EFC2,952C:EFC4,952D:B6A7,952E:BCFC,952F:BEE2,9530:C3CC,9531:EFC5,9532:EFC6,9534:EFC7,9535:EFCF,9536:EFC8,9537:EFC9,9538:EFCA,9539:C7C2,953A:EFF1,953B:B6CD,953C:EFCB,953E:EFCC,953F:EFCD,9540:B6C6,9541:C3BE,9542:EFCE,9544:EFD0,9545:EFD1,9546:EFD2,9547:D5F2,9549:EFD3,954A:C4F7,954C:EFD4,954D:C4F8,954E:EFD5,954F:EFD6,9550:B8E4,9551:B0F7,9552:EFD7,9553:EFD8,9554:EFD9,9556:EFDA,9557:EFDB,9558:EFDC,9559:EFDD,955B:EFDE,955C:BEB5,955D:EFE1,955E:EFDF,955F:EFE0,9561:EFE2,9562:EFE3,9563:C1CD,9564:EFE4,9565:EFE5,9566:EFE6,9567:EFE7,9568:EFE8,9569:EFE9,956A:EFEA,956B:EFEB,956C:EFEC,956D:C0D8,956F:EFED,9570:C1AD,9571:EFEE,9572:EFEF,9573:EFF0,9576:CFE2,957F:B3A4,95E8:C3C5,95E9:E3C5,95EA:C9C1,95EB:E3C6,95ED:B1D5,95EE:CECA,95EF:B4B3,95F0:C8F2,95F1:E3C7,95F2:CFD0,95F3:E3C8,95F4:BCE4,95F5:E3C9,95F6:E3CA,95F7:C3C6,95F8:D5A2,95F9:C4D6,95FA:B9EB,95FB:CEC5,95FC:E3CB,95FD:C3F6,95FE:E3CC,9600:B7A7,9601:B8F3,9602:BAD2,9603:E3CD,9604:E3CE,9605:D4C4,9606:E3CF,9608:E3D0,9609:D1CB,960A:E3D1,960B:E3D2,960C:E3D3,960D:E3D4,960E:D1D6,960F:E3D5,9610:B2FB,9611:C0BB,9612:E3D6,9614:C0AB,9615:E3D7,9616:E3D8,9617:E3D9,9619:E3DA,961A:E3DB,961C:B8B7,961D:DAE2,961F:B6D3,9621:DAE4,9622:DAE3,962A:DAE6,962E:C8EE,9631:DAE5,9632:B7C0,9633:D1F4,9634:D2F5,9635:D5F3,9636:BDD7,963B:D7E8,963C:DAE8,963D:DAE7,963F:B0A2,9640:CDD3,9642:DAE9,9644:B8BD,9645:BCCA,9646:C2BD,9647:C2A4,9648:B3C2,9649:DAEA,964B:C2AA,964C:C4B0,964D:BDB5,9650:CFDE,9654:DAEB,9655:C9C2,965B:B1DD,965F:DAEC,9661:B6B8,9662:D4BA,9664:B3FD,9667:DAED,9668:D4C9,9669:CFD5,966A:C5E3,966C:DAEE,9672:DAEF,9674:DAF0,9675:C1EA,9676:CCD5,9677:CFDD,9685:D3E7,9686:C2A1,9688:DAF1,968B:CBE5,968D:DAF2,968F:CBE6,9690:D2FE,9694:B8F4,9697:DAF3,9698:B0AF,9699:CFB6,969C:D5CF,96A7:CBED,96B0:DAF4,96B3:E3C4,96B6:C1A5,96B9:F6BF,96BC:F6C0,96BD:F6C1,96BE:C4D1,96C0:C8B8,96C1:D1E3,96C4:D0DB,96C5:D1C5,96C6:BCAF,96C7:B9CD,96C9:EFF4,96CC:B4C6,96CD:D3BA,96CE:F6C2,96CF:B3FB,96D2:F6C3,96D5:B5F1,96E0:F6C5,96E8:D3EA,96E9:F6A7,96EA:D1A9,96EF:F6A9,96F3:F6A8,96F6:C1E3,96F7:C0D7,96F9:B1A2,96FE:CEED,9700:D0E8,9701:F6AB,9704:CFF6,9706:F6AA,9707:D5F0,9708:F6AC,9709:C3B9,970D:BBF4,970E:F6AE,970F:F6AD,9713:C4DE,9716:C1D8,971C:CBAA,971E:CFBC,972A:F6AF,972D:F6B0,9730:F6B1,9732:C2B6,9738:B0D4,9739:C5F9,973E:F6B2,9752:C7E0,9753:F6A6,9756:BEB8,9759:BEB2,975B:B5E5,975E:B7C7,9760:BFBF,9761:C3D2,9762:C3E6,9765:D8CC,9769:B8EF,9773:BDF9,9774:D1A5,9776:B0D0,977C:F7B0,9785:F7B1,978B:D0AC,978D:B0B0,9791:F7B2,9792:F7B3,9794:F7B4,9798:C7CA,97A0:BECF,97A3:F7B7,97AB:F7B6,97AD:B1DE,97AF:F7B5,97B2:F7B8,97B4:F7B9,97E6:CEA4,97E7:C8CD,97E9:BAAB,97EA:E8B8,97EB:E8B9,97EC:E8BA,97ED:BEC2,97F3:D2F4,97F5:D4CF,97F6:C9D8,9875:D2B3,9876:B6A5,9877:C7EA,9878:F1FC,9879:CFEE,987A:CBB3,987B:D0EB,987C:E7EF,987D:CDE7,987E:B9CB,987F:B6D9,9880:F1FD,9881:B0E4,9882:CBCC,9883:F1FE,9884:D4A4,9885:C2AD,9886:C1EC,9887:C6C4,9888:BEB1,9889:F2A1,988A:BCD5,988C:F2A2,988D:F2A3,988F:F2A4,9890:D2C3,9891:C6B5,9893:CDC7,9894:F2A5,9896:D3B1,9897:BFC5,9898:CCE2,989A:F2A6,989B:F2A7,989C:D1D5,989D:B6EE,989E:F2A8,989F:F2A9,98A0:B5DF,98A1:F2AA,98A2:F2AB,98A4:B2FC,98A5:F2AC,98A6:F2AD,98A7:C8A7,98CE:B7E7,98D1:ECA9,98D2:ECAA,98D3:ECAB,98D5:ECAC,98D8:C6AE,98D9:ECAD,98DA:ECAE,98DE:B7C9,98DF:CAB3,98E7:E2B8,98E8:F7CF,990D:F7D0,9910:B2CD,992E:F7D1,9954:F7D3,9955:F7D2,9963:E2BB,9965:BCA2,9967:E2BC,9968:E2BD,9969:E2BE,996A:E2BF,996B:E2C0,996C:E2C1,996D:B7B9,996E:D2FB,996F:BDA4,9970:CACE,9971:B1A5,9972:CBC7,9974:E2C2,9975:B6FC,9976:C8C4,9977:E2C3,997A:BDC8,997C:B1FD,997D:E2C4,997F:B6F6,9980:E2C5,9981:C4D9,9984:E2C6,9985:CFDA,9986:B9DD,9987:E2C7,9988:C0A1,998A:E2C8,998B:B2F6,998D:E2C9,998F:C1F3,9990:E2CA,9991:E2CB,9992:C2F8,9993:E2CC,9994:E2CD,9995:E2CE,9996:CAD7,9997:D8B8,9998:D9E5,9999:CFE3,99A5:F0A5,99A8:DCB0,9A6C:C2ED,9A6D:D4A6,9A6E:CDD4,9A6F:D1B1,9A70:B3DB,9A71:C7FD,9A73:B2B5,9A74:C2BF,9A75:E6E0,9A76:CABB,9A77:E6E1,9A78:E6E2,9A79:BED4,9A7A:E6E3,9A7B:D7A4,9A7C:CDD5,9A7D:E6E5,9A7E:BCDD,9A7F:E6E4,9A80:E6E6,9A81:E6E7,9A82:C2EE,9A84:BDBE,9A85:E6E8,9A86:C2E6,9A87:BAA7,9A88:E6E9,9A8A:E6EA,9A8B:B3D2,9A8C:D1E9,9A8F:BFA5,9A90:E6EB,9A91:C6EF,9A92:E6EC,9A93:E6ED,9A96:E6EE,9A97:C6AD,9A98:E6EF,9A9A:C9A7,9A9B:E6F0,9A9C:E6F1,9A9D:E6F2,9A9E:E5B9,9A9F:E6F3,9AA0:E6F4,9AA1:C2E2,9AA2:E6F5,9AA3:E6F6,9AA4:D6E8,9AA5:E6F7,9AA7:E6F8,9AA8:B9C7,9AB0:F7BB,9AB1:F7BA,9AB6:F7BE,9AB7:F7BC,9AB8:BAA1,9ABA:F7BF,9ABC:F7C0,9AC0:F7C2,9AC1:F7C1,9AC2:F7C4,9AC5:F7C3,9ACB:F7C5,9ACC:F7C6,9AD1:F7C7,9AD3:CBE8,9AD8:B8DF,9ADF:F7D4,9AE1:F7D5,9AE6:F7D6,9AEB:F7D8,9AED:F7DA,9AEF:F7D7,9AF9:F7DB,9AFB:F7D9,9B03:D7D7,9B08:F7DC,9B0F:F7DD,9B13:F7DE,9B1F:F7DF,9B23:F7E0,9B2F:DBCB,9B32:D8AA,9B3B:E5F7,9B3C:B9ED,9B41:BFFD,9B42:BBEA,9B43:F7C9,9B44:C6C7,9B45:F7C8,9B47:F7CA,9B48:F7CC,9B49:F7CB,9B4D:F7CD,9B4F:CEBA,9B51:F7CE,9B54:C4A7,9C7C:D3E3,9C7F:F6CF,9C81:C2B3,9C82:F6D0,9C85:F6D1,9C86:F6D2,9C87:F6D3,9C88:F6D4,9C8B:F6D6,9C8D:B1AB,9C8E:F6D7,9C90:F6D8,9C91:F6D9,9C92:F6DA,9C94:F6DB,9C95:F6DC,9C9A:F6DD,9C9B:F6DE,9C9C:CFCA,9C9E:F6DF,9C9F:F6E0,9CA0:F6E1,9CA1:F6E2,9CA2:F6E3,9CA3:F6E4,9CA4:C0F0,9CA5:F6E5,9CA6:F6E6,9CA7:F6E7,9CA8:F6E8,9CA9:F6E9,9CAB:F6EA,9CAD:F6EB,9CAE:F6EC,9CB0:F6ED,9CB1:F6EE,9CB2:F6EF,9CB3:F6F0,9CB4:F6F1,9CB5:F6F2,9CB6:F6F3,9CB7:F6F4,9CB8:BEA8,9CBA:F6F5,9CBB:F6F6,9CBC:F6F7,9CBD:F6F8,9CC3:C8FA,9CC4:F6F9,9CC5:F6FA,9CC6:F6FB,9CC7:F6FC,9CCA:F6FD,9CCB:F6FE,9CCC:F7A1,9CCD:F7A2,9CCE:F7A3,9CCF:F7A4,9CD0:F7A5,9CD3:F7A6,9CD4:F7A7,9CD5:F7A8,9CD6:B1EE,9CD7:F7A9,9CD8:F7AA,9CD9:F7AB,9CDC:F7AC,9CDD:F7AD,9CDE:C1DB,9CDF:F7AE,9CE2:F7AF,9E1F:C4F1,9E20:F0AF,9E21:BCA6,9E22:F0B0,9E23:C3F9,9E25:C5B8,9E26:D1BB,9E28:F0B1,9E29:F0B2,9E2A:F0B3,9E2B:F0B4,9E2C:F0B5,9E2D:D1BC,9E2F:D1EC,9E31:F0B7,9E32:F0B6,9E33:D4A7,9E35:CDD2,9E36:F0B8,9E37:F0BA,9E38:F0B9,9E39:F0BB,9E3A:F0BC,9E3D:B8EB,9E3E:F0BD,9E3F:BAE8,9E41:F0BE,9E42:F0BF,9E43:BEE9,9E44:F0C0,9E45:B6EC,9E46:F0C1,9E47:F0C2,9E48:F0C3,9E49:F0C4,9E4A:C8B5,9E4B:F0C5,9E4C:F0C6,9E4E:F0C7,9E4F:C5F4,9E51:F0C8,9E55:F0C9,9E57:F0CA,9E58:F7BD,9E5A:F0CB,9E5B:F0CC,9E5C:F0CD,9E5E:F0CE,9E63:F0CF,9E64:BAD7,9E66:F0D0,9E67:F0D1,9E68:F0D2,9E69:F0D3,9E6A:F0D4,9E6B:F0D5,9E6C:F0D6,9E6D:F0D8,9E70:D3A5,9E71:F0D7,9E73:F0D9,9E7E:F5BA,9E7F:C2B9,9E82:F7E4,9E87:F7E5,9E88:F7E6,9E8B:F7E7,9E92:F7E8,9E93:C2B4,9E9D:F7EA,9E9F:F7EB,9EA6:C2F3,9EB4:F4F0,9EB8:F4EF,9EBB:C2E9,9EBD:F7E1,9EBE:F7E2,9EC4:BBC6,9EC9:D9E4,9ECD:CAF2,9ECE:C0E8,9ECF:F0A4,9ED1:BADA,9ED4:C7AD,9ED8:C4AC,9EDB:F7EC,9EDC:F7ED,9EDD:F7EE,9EDF:F7F0,9EE0:F7EF,9EE2:F7F1,9EE5:F7F4,9EE7:F7F3,9EE9:F7F2,9EEA:F7F5,9EEF:F7F6,9EF9:EDE9,9EFB:EDEA,9EFC:EDEB,9EFE:F6BC,9F0B:F6BD,9F0D:F6BE,9F0E:B6A6,9F10:D8BE,9F13:B9C4,9F17:D8BB,9F19:DCB1,9F20:CAF3,9F22:F7F7,9F2C:F7F8,9F2F:F7F9,9F37:F7FB,9F39:F7FA,9F3B:B1C7,9F3D:F7FC,9F3E:F7FD,9F44:F7FE,9F50:C6EB,9F51:ECB4,9F7F:B3DD,9F80:F6B3,9F83:F6B4,9F84:C1E4,9F85:F6B5,9F86:F6B6,9F87:F6B7,9F88:F6B8,9F89:F6B9,9F8A:F6BA,9F8B:C8A3,9F8C:F6BB,9F99:C1FA,9F9A:B9A8,9F9B:EDE8,9F9F:B9EA,9FA0:D9DF,FF01:A3A1,FF02:A3A2,FF03:A3A3,FF04:A1E7,FF05:A3A5,FF06:A3A6,FF07:A3A7,FF08:A3A8,FF09:A3A9,FF0A:A3AA,FF0B:A3AB,FF0C:A3AC,FF0D:A3AD,FF0E:A3AE,FF0F:A3AF,FF10:A3B0,FF11:A3B1,FF12:A3B2,FF13:A3B3,FF14:A3B4,FF15:A3B5,FF16:A3B6,FF17:A3B7,FF18:A3B8,FF19:A3B9,FF1A:A3BA,FF1B:A3BB,FF1C:A3BC,FF1D:A3BD,FF1E:A3BE,FF1F:A3BF,FF20:A3C0,FF21:A3C1,FF22:A3C2,FF23:A3C3,FF24:A3C4,FF25:A3C5,FF26:A3C6,FF27:A3C7,FF28:A3C8,FF29:A3C9,FF2A:A3CA,FF2B:A3CB,FF2C:A3CC,FF2D:A3CD,FF2E:A3CE,FF2F:A3CF,FF30:A3D0,FF31:A3D1,FF32:A3D2,FF33:A3D3,FF34:A3D4,FF35:A3D5,FF36:A3D6,FF37:A3D7,FF38:A3D8,FF39:A3D9,FF3A:A3DA,FF3B:A3DB,FF3C:A3DC,FF3D:A3DD,FF3E:A3DE,FF3F:A3DF,FF40:A3E0,FF41:A3E1,FF42:A3E2,FF43:A3E3,FF44:A3E4,FF45:A3E5,FF46:A3E6,FF47:A3E7,FF48:A3E8,FF49:A3E9,FF4A:A3EA,FF4B:A3EB,FF4C:A3EC,FF4D:A3ED,FF4E:A3EE,FF4F:A3EF,FF50:A3F0,FF51:A3F1,FF52:A3F2,FF53:A3F3,FF54:A3F4,FF55:A3F5,FF56:A3F6,FF57:A3F7,FF58:A3F8,FF59:A3F9,FF5A:A3FA,FF5B:A3FB,FF5C:A3FC,FF5D:A3FD,FF5E:A1AB,FFE0:A1E9,FFE1:A1EA,FFE3:A3FE,FFE5:A3A4';

  xtx.init = function () {
    var items = xtx.data.split(',');
    var item = '';
    for (var i = 0; i < items.length; i++) {
      item = items[i].split(':');
      xtx.map[item[0]] = item[1];
    }
  };
  xtx.encodeGBK = function (chars) {
    var ret = [];
    for (var i = 0; i < chars.length; i++) {
      var c = chars.charCodeAt(i);
      var s = chars.substring(i, i + 1);
      var e = escape(s);
      var d = e.replace(/%u/, "");

      var r = xtx.map[d];
      if (r) {
        var first = r.substring(0, 2);
        var second = r.substring(2, 4);
        ret.push(String.fromCharCode(parseInt(first, 16)));
        ret.push(String.fromCharCode(parseInt(second, 16)));
      } else {
        ret.push(s);
      }
    }

    return ret.join('');
  };
  xtx.init();

  xtx.bytesToWords = function (a) {
    var b = [], c = 0, d = 0;
    for (; c < a.length; c++, d += 8) {
      b[d >>> 5] |= a[c] << 24 - d % 32;
    }
    return b;
  }

  xtx.wordsToBytes = function (a) {
    var b = [], c = 0;
    for (; c < a.length * 32; c += 8) {
      b.push(a[c >>> 5] >>> 24 - c % 32 & 255);
    }
    return b;
  }

  // ��������ժҪ(SHA1�㷨)
  // @param strInData ԭ��
  // @param encoding �����ʽ ȡֵΪhex base64,�ò���Ϊ��ʱ �����ݲ�������
  // ����Base64��ʽ��ժҪֵ
  xtx.digestData = function (strInData, encoding) {
    var strRealData;
    if (encoding == "hex" && strInData.length % 2 != 0) {
      return "";
    }
    if (encoding == "raw") {
      strRealData = xtx.encodeGBK(strInData);
    }
    var md = forge.md.sha1.create();
    md.update(strRealData, encoding);

    return md.digest().toString("base64");
  }

  xtx.sha1 = function (m, hash) {
    var w = [];

    var H0 = hash[0], H1 = hash[1], H2 = hash[2], H3 = hash[3], H4 = hash[4];

    for (var i = 0; i < m.length; i += 16) {

      var a = H0, b = H1, c = H2, d = H3, e = H4;

      for (var j = 0; j < 80; j++) {

        if (j < 16) {
          w[j] = m[i + j] | 0;
        } else {
          var n = w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16];
          w[j] = (n << 1) | (n >>> 31);
        }

        var t = ((H0 << 5) | (H0 >>> 27)) + H4 + (w[j] >>> 0) + (j < 20 ? (H1 & H2 | ~H1 & H3) + 1518500249 : j < 40 ? (H1 ^ H2 ^ H3) + 1859775393 : j < 60 ? (H1 & H2 | H1 & H3 | H2 & H3) - 1894007588 : (H1 ^ H2 ^ H3) - 899497514);
        H4 = H3;
        H3 = H2;
        H2 = (H1 << 30) | (H1 >>> 2);
        H1 = H0;
        H0 = t;

      }
      H0 = (H0 + a) | 0;
      H1 = (H1 + b) | 0;
      H2 = (H2 + c) | 0;
      H3 = (H3 + d) | 0;
      H4 = (H4 + e) | 0;

    }

    return [H0, H1, H2, H3, H4];

  }
  xtx.hash = [1732584193, -271733879, -1732584194, 271733878, -1009589776];
  xtx.sha1ArrayBuffer = function (a) {
    var uint8_array, message, block, nBitsTotal, output, nBitsLeft, nBitsTotalH, nBitsTotalL, res;

    uint8_array = new Uint8Array(a);
    message = xtx.bytesToWords(uint8_array);
    nBitsTotal = a.byteLength * 8;
    nBitsLeft = a.byteLength * 8;

    nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
    nBitsTotalL = nBitsTotal & 0xFFFFFFFF;

    // Padding
    message[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
    message[((nBitsLeft + 64 >>> 9) << 4) + 14] = nBitsTotalH;
    message[((nBitsLeft + 64 >>> 9) << 4) + 15] = nBitsTotalL;


    res = xtx.hash;
    res = xtx.sha1(message, res);

    return xtx.bytesToBase64(xtx.wordsToBytes(res));
  }

  xtx.Uint8ArrayToWordArray = function (a, start, length) {
    var words = [];
    for (var i = start; i < start + length; i++) {
      words[(i - start) >>> 2] |= a[i] << (24 - (i % 4) * 8);
    }

    return new CryptoJS.lib.WordArray.init(words, length);
  }

  xtx.SM3ArrayBuffer = function (a) {
    console.log(a);
    var oneTimeLength = 8;
    //alert(a.byteLength);
    var uint8Arr = new Uint8Array(a);
    var count = Math.ceil(a.byteLength / oneTimeLength);
    var inst = CryptoJS.algo.SM3.create();
    console.log(inst)
    for (var i = 0; i < count; i++) {
      var tlen = 0;
      if (i < count - 1) {
        tlen = oneTimeLength;
      } else {
        tlen = a.byteLength - oneTimeLength * i;
      }
      var wordArr = xtx.Uint8ArrayToWordArray(uint8Arr, i * oneTimeLength, tlen);
      inst.update(wordArr);
      wordArr = undefined;
    }
    var hexDigest = inst.finalize();

    /*
    var hex = forge.util.createBuffer(uint8Arr).toHex();
    var wa  = CryptoJS.enc.Hex.parse(hex);
    console.log(wa.toString());
    
    var wordArr = xtx.Uint8ArrayToWordArray(uint8Arr);
    console.log(wordArr.toString());
    var hexDigest = CryptoJS.SM3(wordArr);
    */
    var bytes = forge.util.hexToBytes(hexDigest.toString());
    var b64 = forge.util.encode64(bytes);
    return b64;
  }


  xtx.bytesToHex = function (a) { for (var b = [], c = 0; c < a.length; c++)b.push((a[c] >>> 4).toString(16)), b.push((a[c] & 15).toString(16)); return b.join("") }

  xtx.bytesToBase64 = function (a) {
    for (var b = [], c = 0; c < a.length; c += 3)
      for (var d = a[c] << 16 | a[c + 1] << 8 | a[c + 2], e = 0; e < 4; e++)
        c * 8 + e * 6 <= a.length * 8 ? b.push("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(d >>> 6 * (3 - e) & 63)) : b.push("=");
    return b.join("");
  }

  xtx.onReady = null;


  // ��������ժҪ(SHA1�㷨)
  // @param strInData ԭ��
  // ����Base64��ʽ��ժҪֵ
  xtx.digestFile = function (file) {
    var reader = new FileReader();
    reader.onload = function (rResult) {
      var digestData = xtx.sha1ArrayBuffer(rResult.target.result);
      if (typeof xtx.onReady == 'function') {
        xtx.onReady(digestData);
      }
    };
    reader.readAsArrayBuffer(file);

    return;
  }

  // ���������ŷ�
  // @param strCert ֤��(Base64��ʽ)
  // @param strInData ԭ��
  // @param encoding �����ʽ ȡֵΪhex base64,�ò���Ϊ��ʱ �����ݲ�������
  // ����Base64��ʽ�������ŷ�
  xtx.encryptMessage = function (strCert, strInData, encoding) {
    var strRealData;
    if (encoding == "hex" && strInData.length % 2 != 0) {
      return "";
    }
    if (encoding == "raw") {
      strRealData = xtx.encodeGBK(strInData);
    }

    var p7 = forge.pkcs7.createEnvelopedData();

    // add a recipient
    var cert = forge.pki.certificateFromPem(strCert);
    p7.addRecipient(cert);

    // set content
    p7.content = forge.util.createBuffer(strRealData, encoding);

    // encrypt
    p7.encrypt();

    // convert message to PEM
    return forge.pkcs7.messageToPem(p7);
  }

  // ���������ŷ�
  // @param strCert ֤��(Base64��ʽ)
  // @param strUserInfo �û���Ϣ �Ǹ�json��
  // @param strInData ԭ��
  // @param encoding �����ʽ ȡֵΪhex base64,�ò���Ϊ��ʱ �����ݲ�������
  // ����Base64��ʽ�������ŷ�
  xtx.tmpData = null;
  xtx.tmpCert = null;
  xtx.digestAndEncryptData = function (strCert, strUserInfo, file) {
    xtx.tmpData = strUserInfo;
    var reader = new FileReader();
    reader.onload = function (rResult) {
      var digestData = xtx.sha1ArrayBuffer(rResult.target.result);
      var strEncryptData = xtx.tmpData + "|" + digestData;
      var strEnvlope = xtx.encryptMessage(xtx.tmpCert, strEncryptData, "raw");
      xtx.tmpData = null;
      xtx.tmpCert = null;
      if (typeof xtx.onReady == 'function') {
        xtx.onReady(strEnvlope);
      }
    };
    xtx.tmpData = strUserInfo;
    xtx.tmpCert = strCert;
    reader.readAsArrayBuffer(file);

    return;
  }


  // ��������ժҪ(SM3�㷨)
  // @param strInData ԭ��
  // ����Base64��ʽ��ժҪֵ
  xtx.digestFileSM3 = function (file) {
    var reader = new FileReader();
    reader.onload = function (rResult) {
      var digestData = xtx.SM3ArrayBuffer(rResult.target.result);
      if (typeof xtx.onReady == 'function') {
        xtx.onReady(digestData);
      }
    };
    reader.readAsArrayBuffer(file);

    return;
  }

  xtx.digestAndEncryptDataSM3 = function (strCert, strUserInfo, file) {

    xtx.tmpData = strUserInfo;
    var reader = new FileReader();
    reader.onload = function (rResult) {
      console.log(rResult.target.result)
      var digestData = xtx.SM3ArrayBuffer(rResult.target.result);
      console.log(digestData)
      var strEncryptData = xtx.tmpData + "|" + digestData;
      var strEnvlope = xtx.encryptMessage(xtx.tmpCert, strEncryptData, "raw");
      strEnvlope += "|RSA";
      xtx.tmpData = null;
      xtx.tmpCert = null;
      if (typeof xtx.onReady == 'function') {
        xtx.onReady(strEnvlope);
      }
    };
    xtx.tmpData = strUserInfo;
    xtx.tmpCert = strCert;
   var rea= reader.readAsArrayBuffer(file);
    console.log('rea',rea)
    return;
  }
})();



function cajskey(){
  var cajskey = "MIIEnTCCA4WgAwIBAgIKG0AAAAAAAAXbADANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJDTjENMAsGA1UECgwEQkpDQTEYMBYGA1UECwwPUHVibGljIFRydXN0IENBMRowGAYDVQQDDBFQdWJsaWMgVHJ1c3QgQ0EtMjAeFw0xNzExMTYxNjAwMDBaFw0yNDEyMzAxNTU5NTlaMFwxCzAJBgNVBAYTAkNOMS0wKwYDVQQKDCTljJfkuqzmlbDlrZforqTor4HogqHku73mnInpmZDlhazlj7gxHjAcBgNVBAMMFVJTQeeul+azleiuvuWkh+ivgeS5pjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiqRDnbIzZ6jDkC5YHAZHZW6nvkk2g6A0ghf5CwRxRVec7hNj1C9a0mjjLtnGW+6h85ju/3q0tjH0qy6w1EOAIp8V/pkLR7yMdPze85/dcmvcL6D9xESf62pltaDP1Q3DEIYOqW412wY3bagiDIaUodSjavsQpuHzZzB8zAyZu9ECAwEAAaOCAe0wggHpMB8GA1UdIwQYMBaAFPu31FYXWIwjfdX4QgHU7XebV+vpMIGtBgNVHR8EgaUwgaIwbKBqoGikZjBkMQswCQYDVQQGEwJDTjENMAsGA1UECgwEQkpDQTEYMBYGA1UECwwPUHVibGljIFRydXN0IENBMRowGAYDVQQDDBFQdWJsaWMgVHJ1c3QgQ0EtMjEQMA4GA1UEAxMHY2E0Y3JsMjAyoDCgLoYsaHR0cDovL2xkYXAuYmpjYS5vcmcuY24vY3JsL3B0Y2EvY2E0Y3JsMi5jcmwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCAP8wGAYIYIZIAYb4RAIEDEpKNzIyNjE5NDEtMTAbBggqVoZIAYEwAQQPMTAyMDAwMDA2OTk3ODM0MBUGBSpWCwcJBAxKSjcyMjYxOTQxLTEwGgYGKlYLBwEIBBAxOENASko3MjI2MTk0MS0xMCoGC2CGSAFlAwIBMAkKBBtodHRwOi8vYmpjYS5vcmcuY24vYmpjYS5jcnQwQAYDVR0gBDkwNzA1BgkqgRyG7zICAgEwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5iamNhLm9yZy5jbi9jcHMwCwYDVR0PBAQDAgP4MBMGCiqBHIbvMgIBAR4EBQwDNjU0MA0GCSqGSIb3DQEBBQUAA4IBAQCHG+kD9c5Ha/8KFn+eGn6rCdv8Cyk49DqfkT4fks1QpWByWAo3EOTtI5vNE/mvhCEEtQ75Q/Y66jO19EjtGqcDeqbg07EDhjGPMoJM0lwueIgbrchd6bray+Fcl7Hc3N3w4UkolWijNc9dh7aFJ74Y8o+H0ikvZAQvzEkMy4F2/Twqs2nKOBJMmfnAutyXZiqoNNvrkmaXuhC7xIR1zjU0i2YllyWHh+QHZq1ItI7A6ANwwt+/d6AYhcBlkq8EV55LKphkbbVrFUViYqjn78n2MLSXBBiJ1jWNrKRVO4oThf37d9/XH4MSGvxdcoNQaoJ67CGzfk0QJpvSAAzP2EIc";
  return cajskey
}
function outxtx(){
  return xtx
}
export default {outxtx,cajskey}